March 13, 2025 by Dennis Heinze

CVE-2025-20908: Use of insufficiently random values in Samsung’s Auracast implementation

As part of our research into the Auracast feature set in Bluetooth, we also started looking into vendor implementations. At the time we started with our research, there weren’t a lot of products on the market yet. But new products are coming out pretty frequently now.

One of the vendors that had Auracast implemented pretty early was Samsung. At the time the Samsung Galaxy S23 and S24 phones were able to broadcast Audio, while the Galaxy Buds were able to join these broadcasts.

In our previous blog post we analyze the security of Auracast broadcasts. In short, broadcasts can be encrypted by specifying a so-called Broadcast Code (or Passcode). We show that the key derivation used to derive an AES key from the Broadcast Code is not sufficient to properly protect the broadcast. The weak key derivation, combined with the way the encryption works, allows an attacker to perform an efficient offline brute-force attack against captured Auracast packets. However, when the Broadcast Code is chosen properly, this attack can be made very difficult and likely economically unreasonable.

However, we found that the Bluetooth specification is lacking in this regard. Both the specification of the Broadcast Code itself, and the example values given in the specification and other documents are inadequate.

This, in our opinion, inadequate specification and the poorly chosen examples of Broadcast Codes lead us to suspect that vendors may not be aware of the requirements for a secure Broadcast Code.

This is essentially what happened with Samsung’s implementation.

Continue reading “CVE-2025-20908: Use of insufficiently random values in Samsung’s Auracast implementation”

Breaking, Misc

January 27, 2025 by Dennis Heinze

Part I: Bluetooth Auracast from a Security Researcher’s Perspective

Auracast, the new Bluetooth LE Broadcast Audio feature has gained some publicity in the past months. The Bluetooth SIG has introduced the LE Audio feature-set to the Bluetooth 5.2 Specification in 2019 and vendors are only now starting to implement it. Auracast facilitates broadcasting audio over Bluetooth LE to a potentially unlimited number of devices. It does not require pairing or interaction between the sender and the receivers.

We also presented this topic at 38c3. This blog post will contain similar contents albeit with some more details.

Continue reading “Part I: Bluetooth Auracast from a Security Researcher’s Perspective”

Breaking, Misc

October 21, 2021 by Dennis Heinze

Change Your BLE Passkey Like You Change Your Underwear

Using a static passkey for Bluetooth Low Energy pairing is insecure. Recent versions of the Bluetooth specification contain an explicit warning about this. However, in practice, we often see static passkeys being used. Moreover, there are no public implementations of proofs-of-concept that can practically show why using a static passkey is an issue. This is why we implemented one.

Continue reading “Change Your BLE Passkey Like You Change Your Underwear”

Breaking

April 22, 2020 by Jan Ruge

CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag

Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any
nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, Linux, etc.). Both, the firmware on the chip and the host Bluetooth subsystem, are a target for Remote Code Execution (RCE) attacks.

One feature that is available on most classic Bluetooth implementations is answering over Bluetooth pings. Everything an attacker needs to know is the device’s Bluetooth address. Even if the target is not discoverable, it typically accepts connections if it gets addressed. For example, an attacker can run l2ping, which establishes an L2CAP connection and sends echo requests to the remote target.

In the following, we describe a Bluetooth zero-click short-distance RCE exploit against Android 9, which got assigned CVE-2020-0022 . We go through all steps required to establish a remote shell on a Samsung Galaxy S10e, which was working on an up-to-date Android 9 when reporting the issue on November 3 2019. The initial flaw used for this exploit is still present in Android 10, but we utilize an additional bug in Bionic (Android’s libc implementation), which makes exploitation way easier. The bug was finally fixed in the security patch from 1.2.2020 in A-143894715. Here is a demo of the full proof of concept:

Continue reading “CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag”

Breaking

February 6, 2020 by Jan Ruge

Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag

On November 3rd, 2019, we have reported a critical vulnerability affecting the Android Bluetooth subsystem. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. Continue reading “Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag”

Events

May 2, 2019 by Rachelle Boissard

#TR19 Next Generation Internet (NGI) Summaries

This blogpost contains summaries of talks from this year’s TROOPERS19 Active Directory Security Track.

Microsoft IT (Secure) Journey to IPv6-Only

Veronika McKillop, Network Architect, Cloud and Connectivity Engineering (CCE)

The speaker, Veronika McKillop, working at Microsofts network infrastructure services, has given a talk about the process of switching a company network from IPv4 to IPv6-only. Continue reading “#TR19 Next Generation Internet (NGI) Summaries”

Misc

December 7, 2016 by Olga Yanushkevich

Research Diary: Bluetooth. Part 2

Recently we posted first part of our Bluetooth research diary. Today, we want to continue on that topic and tell you about Bluetooth proxying and packet replay with a new tool.

This time we had a new gadget to play with: our colleague Florian Grunow shared with us a curious IoT device – Bluetooth socks… real socks that you control with an app to heat your feet. The future is here… 😉 Continue reading “Research Diary: Bluetooth. Part 2”

Misc

November 22, 2016 by Olga Yanushkevich

Research Diary: Bluetooth

As you probably know we perform research on a regular base at ERNW.

We – Olga and Rafael – started with a research project about Bluetooth. Our first goal was to gain some knowledge about the tools used by most Linux systems to communicate with Bluetooth hardware, such as BlueZ. A good help for that was the amazing Bluetooth hacking workshop we had before (check the link in our blog!)

Continue reading “Research Diary: Bluetooth”

Breaking

September 9, 2016 by Kevin Schaller

Hardware Hacking Week @ ERNW

Internal workshops are one of the reoccurring events at ERNW, that help us to gain knowledge in areas outside our usual expertise. One of the recent workshops which happened during the week from August 22nd-25th was Hardware Hacking. Held by Brian Butterly (@BadgeWizard) and Dominic Spill (@dominicgs), this workshop took place in two parts. Brian kickstarted the introductory session by guiding us through the fundamental steps of Hardware Hacking. Brian did an excellent job of making things simpler by giving a detailed explanation on the basic concepts. For a beginner in hardware hacking, the topic could be rather intimidating if not handled properly.

Continue reading “Hardware Hacking Week @ ERNW”

Breaking

December 22, 2011 by Florian Horsch

How Safe is Smart?

Bluetooth Smart Ready Logo About two months ago the Bluetooth SIG renamed their latest standard, which was previously known as “Bluetooth v4.0”. When version numbers get higher and higher marketing likes to interfere and try something new. In this case: Bluetooth Smart.

Sounds smart, but is it?

Without getting into too much detail, let me quickly quote Wikipedia to get started:

“Cost-reduced single-mode chips, which enable highly integrated and compact devices, feature a lightweight Link Layer providing ultra-low power idle mode operation, simple device discovery, and reliable point-to-multipoint data transfer with advanced power-save and secure encrypted connections at the lowest possible cost.”

http://en.wikipedia.org/wiki/Bluetooth#Bluetooth_v4.0 (sounds more like a marketing text than a proper technical specification, but gives you a rough idea what you as an end-user can expect ;)).

So we’re talking about the usual stuff: Lower energy consumption combined with more functionality. Great!

Ubertooth One Description — Ubertooth One - Photo from: ubertooth.sourceforge.net

Sounds smart, but is it safe?

With “Bluetooth Smart Ready” products just coming in it’s too early to tell. But one thing is for sure: 2012 will be the year where every major consumer product (smartphones, heart-rate straps or even simple clocks) will be equipped with it. Oh, and guess what… a new wireless standard doesn’t just come along with a new shiny gadget. Obviously you need an app for that. How about tracking your heart beat? Personally I’m looking forward for the first Bluetooth Smart Ready cardiac pacemaker…

And back to security: Either you trust the Bluetooth committee which states “Bluetooth technology is an industry leader when it comes to wireless data security.”, OR you ask somebody who would tell you the plain truth (given there is one): Michael Ossmann.

Will it blend?

We did the latter and invited Michael to talk at TROOPERS12. He is a wireless security experts who also makes hardware tools to progress with his research. In early 2011 he successfully crowd-funded his latest gadget: Ubertooth One. A very capable Bluetooth monitoring device.

We’re looking forward to mid March where we all meet to discuss things in more depth at TROOPERS12. Until then keep yourself up-to-date and have a look into Michael’s latest blog entry: Bluetooth for Bad Guys

Have a wonderful Christmas time,
Florian

PS: Drop us a comment, when you find some “Bluetooth Smart Ready” labels under your Christmas tree 😉