JUL 14

Back when we designed the security for Wireless USB, one of the attacks we protected against was the man-in-the-middle attack. From a product marketing perspective, this was one of the hardest features to get agreement on because it requires the end user to perform a manual verification step.

Many people think that manual verification hurts usability unnecessarily since, in their eyes, MITM attacks are very difficult to do. Their reasoning is as follows: It's extremely unlikely that an attacker would be present at the exact moment in space and time when the end user performs the security pairing. Therefore we really don't need MITM protection.

However, the more paranoid members of our team correctly pointed out that it would be trivial for an attacker to simply jam the transmission of one of the devices. The connection would then stop working. When faced with this situation, most users "reboot" the devices and perform the pairing ritual again.

We ended up including fairly robust protection against MITM attacks. Which is a good thing, since a recent article discusses how easy it is to force a Bluetooth device to dump its pairing data and initiate the rekeying process. This attacks the protocol directly and is even easier to accomplish than the denial-of-service-type jamming attack that we were concerned with.

tags: security wireless bluetooth
permalink | comments | technorati