A security researcher from the NCC Group has developed a tool that can bypass certain security mechanisms of Bluetooth Low Energy locks. With a relay attack, the researcher can, for example, break into cars.
These are locks that open when they detect that the key is close enough. This key can be a physical key, or built into a smartphone app. The question is how the BLE protocol prevents criminals from intercepting and amplifying the key's signal in order to unlock locks remotely. For example, users of this protocol can apply link-layer encryption, or have the lock recognize an amplification attack from the increased latency.
Researcher Sultan Qasim Khan of the British NCC Group says he has developed a tool to circumvent these measures. For example, his tool relays data at the link layer, so that its encryption remains intact. In addition, the latency his tool adds, at 8 ms, is within the margins of the BLE protocol.
According to the NCC Group, the Bluetooth SIG, which is responsible for the Bluetooth protocol, acknowledges the existence of a vulnerability in BLE and has warned users since 2015 that such relay attacks can be carried out. The Bluetooth organization therefore points out that proximity of the key should not be the only protection measure.
At the same time, according to Khan, there are several companies, such as Texas Instruments and Alps Alpine, that present the proximity of the BLE key as the only security measure. TI and Alps Alpine develop locks for cars and buildings, for example. Khan exploited the vulnerability in practice on a Tesla Model 3; it is suspected that Model Y cars are also vulnerable. Khan managed to unlock the car and drive away with it. Tesla told Khan that relay attacks are a "known limitation" of the passive entry system. It is not known whether the vulnerability has been exploited by criminals.
Khan believes that end users should be given more information about BLE vulnerabilities and given the option to disable proximity-based access with the BLE key. Another solution is to use Ultra-Wide Band, or UWB. With UWB, time-of-flight measurements can be used to verify that the key is indeed close. Khan also suggests that users should perform an action on their smartphone before unlocking.
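The contrast between the latency check described earlier and the time-of-flight check can be made concrete from the lock's side. The following is an added example, not code from NCC Group or any vendor; only the 8 ms figure comes from the article, and the other timing values, distances and function names are constructed assumptions.

```python
C = 299_792_458.0  # speed of light in m/s

# Only RELAY_DELAY_S comes from the article; the rest are constructed assumptions.
RELAY_DELAY_S = 0.008      # latency added by the relay tool
BASE_LATENCY_S = 0.022     # assumed normal BLE response latency
LATENCY_LIMIT_S = 0.040    # assumed limit; must leave room for normal jitter
REPLY_DELAY_S = 0.000200   # assumed fixed turnaround time inside the key
KEY_DISTANCE_M = 2.0       # assumed radio path length seen by the lock
MAX_DISTANCE_M = 3.0       # assumed unlock radius


def latency_accepts(response_s, limit_s=LATENCY_LIMIT_S):
    """Latency-based check: accept if the key answered within the limit."""
    return response_s <= limit_s


def tof_distance_m(round_trip_s, reply_delay_s=REPLY_DELAY_S):
    """Two-way time of flight: remove the key's turnaround, halve, scale by c."""
    return C * (round_trip_s - reply_delay_s) / 2


def tof_accepts(round_trip_s, max_distance_m=MAX_DISTANCE_M):
    """Distance-bounding check: accept only if the measured distance is in range."""
    return tof_distance_m(round_trip_s) <= max_distance_m


def tof_delay_tolerance_s(max_distance_m=MAX_DISTANCE_M, path_m=KEY_DISTANCE_M):
    """Largest unaccounted delay the ToF check still accepts."""
    return 2 * (max_distance_m - path_m) / C


def compare(extra_delay_s):
    """Evaluate both checks for one exchange with the given extra delay.
    Propagation over the relay's own link is ignored, which favours the relay."""
    response_s = BASE_LATENCY_S + extra_delay_s
    round_trip_s = REPLY_DELAY_S + 2 * KEY_DISTANCE_M / C + extra_delay_s
    return {
        "latency_ok": latency_accepts(response_s),
        "tof_distance_m": tof_distance_m(round_trip_s),
        "tof_ok": tof_accepts(round_trip_s),
    }


if __name__ == "__main__":
    for label, extra in (("direct", 0.0), ("relayed", RELAY_DELAY_S)):
        print(label, compare(extra))
    print("ToF tolerance (ns):", tof_delay_tolerance_s() * 1e9)
```

Under these assumptions the latency check accepts both exchanges, while the time-of-flight check turns the same 8 ms into an apparent distance of roughly 1,200 km and tolerates only a few nanoseconds of unexplained delay.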