Security
Auracast: Breaking Broadcast LE Audio Before It Hits the Shelves
December 29, 2024
1:50 PM – 2:30 PM Add to calendar
1:50 PM – 2:30 PM Add to calendar
Saal ZIGZAG
Auracast, the new Bluetooth LE Broadcast Audio feature has gained some publicity in the last few months. The Bluetooth SIG has been working on the specification of this feature set in the past few years and vendors are only now starting to implement it. Auracast enables broadcasting audio to multiple devices. These broadcasts can also be encrypted. Unfortunately, the security properties of the protocol are vague and insufficient. It has already been shown that these broadcasts can be hijacked by anyone when unencrypted.
We explain the state of (in)security of the protocol and add to it by showing that even when encrypted, broadcasts can often be cracked easily. We also show that once equipped with the passcode, attackers can eavesdrop and hijack even encrypted broadcasts. Alongside the talk, we will release our toolkit to brute-force authentication codes, decrypt dumped Auracast streams, and hijack encrypted broadcasts.
Bluetooth Auracast is a marketing term for a subset of the new "LE Audio" features introduced in the Bluetooth 5.2 specification.
LE Audio is designed to provide better sound quality, longer battery life and new capabilities for audio devices like headphones, earbuds and especially hearing aids. Essentially, Auracast is an audio broadcast feature set for Bluetooth Low Energy. Our talk will focus on the new features introduced in the core spec, namely Broadcast Isochronous streams (BIS).
The protocol specification for Auracast was released several years ago, and vendors are only now beginning to implement application-level support for it. Previous research from 2023 (the "BISON" paper) has already shown that unencrypted Auracast broadcasts can be hijacked.
The Bluetooth specification is very vague in what security goals it tries to achieve for (encrypted) broadcasts. The core building block for LE Audio broadcasts are Broadcast Isochronous Streams (BIS). Security for BIS is only ever mentioned in terms of confidentiality, which is supposedly achievable by encrypting a BIS. In this talk we'll shed some light on the security properties of Auracast and show that authenticity and confidentiality can be violated, even when broadcasts are encrypted.
To examine whether the vague specification and the bad examples lead to real-world issues, we have surveyed several implementations of Auracast. We found that on popular devices the default configuration is weak and allows breaking the authenticity and confidentiality of the Auracast broadcast.
Alongside the talk, we will release a toolkit that allows to dump, decrypt and hijack encrypted Auracast broadcasts.
Additional information
| Live Stream | https://streaming.media.ccc.de/38c3/zigzag |
|---|---|
| Type | Talk |
| Language | English |
More sessions
| 12/27/24 |
With the iPhone 15 & iPhone 15 Pro, Apple switched their iPhone to USB-C and introduced a new USB-C controller: The ACE3, a powerful, very custom, TI manufactured chip. But the ACE3 does more than just handle USB power delivery: It's a full microcontroller running a full USB stack connected to some of the internal busses of the device, and is responsible for providing access to JTAG of the application processor, the internal SPMI bus, etc. We start by investigating the previous variant of the ...
|
| 12/27/24 |
In wenigen Wochen werden die Gesundheitsdaten von rund 73 Millionen in Deutschland Krankenversicherten ohne deren Zutun über Praxis- und Krankenhausgrenzen hinweg zentral in einer Akte zusammengeführt - in der [„elektronischen Patientenakte für alle“](https://www.bundesgesundheitsministerium.de/themen/digitalisierung/elektronische-patientenakte/epa-fuer-alle.html). Fortsetzung von 36C3 - [„Hacker hin oder her“: Die elektronische Patientenakte ...
|
| 12/27/24 |
We present fatal security flaws in the HALFLOOP-24 encryption algorithm, which is used by the US military and NATO. HALFLOOP-24 was meant to safeguard the automatic link establishment protocol in high frequency radio, but our research demonstrates that merely two hours of intercepted radio traffic are sufficient to recover the secret key. In the talk, we start with the fundamentals of symmetric key cryptography before going into the details of high frequency radio, HALFLOOP-24, and the ...
|
| 12/27/24 |
PHUZZ is a framework for Coverage-Guided Fuzzing of PHP Web Applications Fuzz testing is an automated approach to vulnerability discovery. Coverage-guided fuzz testing has been extensively researched in binary applications and the domain of memory corruption vulnerabilities. However, many web vulnerability scanners still rely on black-box fuzzing (e.g., predefined sets of payloads or basic heuristics), which severely limits their vulnerability detection capabilities. In this talk, we present our ...
|
| 12/27/24 |
The Chipolo ONE is a Bluetooth tracker built around the Dialog (now Renesas) DA14580 chip. This talk will present the research made on this device, from extracting the firmware from the locked down chip using fault injection up to getting remote code execution over Bluetooth. The talk will also present the disclosure process and how the vendor reacted to an unpatchable vulnerability on their product.
|
| 12/27/24 |
Digital identity solutions, such as proposed through the EU's eIDAS regulation, are reshaping the way users authenticate online. In this talk, we will review the currently proposed technical designs, the impact such systems will have, and provide an outlook on how techniques from modern cryptography can help to improve security and privacy.
|
| 12/27/24 |
Bewegungsdaten von 800.000 E-Autos sowie Kontaktinformationen zu den Besitzern standen ungeschützt im Netz. Sichtbar war, wer wann zu Hause parkt, beim BND oder vor dem Bordell.
|
