Bluetooth Security

Publications

1. Y. Shaked and A. Wool. Cracking the Bluetooth PIN.
   In Proc. 3rd USENIX/ACM Conf. Mobile Systems, Applications, and Services (MobiSys), pages 39-50, Seattle, WA, June 2005.

2. O. Levy and A. Wool. A uniform framework for cryptanalysis of the Bluetooth E₀ cipher.
   Proc. 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm), pages 365-373, Athens, Greece, September 2005.

3. Y. Shaked and A. Wool. Cryptanalysis of the Bluetooth E0 cipher using OBDD's.
   In Proc. 9th Information Security Conference, LNCS 4176, pages 187-202, Samos, Greece, August 2006.

Impact

1. March 2007: The Bluetooth SIG unveils the new Core Specification v2.1 + EDR. It includes a brand new pairing protocol, replacing the one we showed to be flawed.
2. Read my opinion about this on my CIO Advice Blog.
3. In 2008 it turned out that there are issues with Bluetooth 2.1 authentication as well: Check out Lindell's Black Hat 2008 presentation.
4. On the other hand Lindell also shows in this paper that some of the Bluetooth authentication modes are actually provably secure. So there is still much good in Bluetooth 2.1.

Press Coverage

1. Article in the Wall Street Journal, by Keith J. Winstein, June 16, 2005; Page B1. Registration required.
   Here is a scan from the European edition, and the text from the Online edition.
2. Hear Avishai speak about our work (1-minute video).
3. Article in The Chronicle: Wired Campus, by Matthew Kalman, March 29, 2007.
4. Article in New Scientist, by Celeste Biever, 03 June 2005
5. Bruce Schneier's weblog
6. Article in SMBtoday by Izhar Gavish (Hebrew), 14 June 2005. Registration required.
7. Discussion on slashdot
8. Security Focus advisory
9. One of our suggestions has been called BlueDump and was designated as wireless vulnerability WVE-2005-0013
10. Translations into: Russian, Swedish, Danish, Chinese, Portuguese, French, Italian, ...

Yaniv and Avishai at MobiSys'05