A Novel Bluetooth Man-In-The-Middle Attack Based On SSP using OOB Association model
This addresses security risks for Bluetooth-enabled mobile phone users, but it appears incremental as it builds on known weaknesses in SSP.
The authors tackled the security vulnerabilities in Bluetooth's Simple Secure Pairing (SSP) by proposing a novel Man-In-The-Middle (MITM) attack on mobile phones, and they introduced an Out Of Band (OOB) channeling method with enhanced security compared to previous approaches.
As an interconnection technology, Bluetooth has to address all traditional security problems, well known from the distributed networks. Moreover, as Bluetooth networks are formed by the radio links, there are also additional security aspects whose impact is yet not well understood. In this paper, we propose a novel Man-In-The-Middle (MITM) attack against Bluetooth enabled mobile phone that support Simple Secure Pairing(SSP). From the literature it was proved that the SSP association models such as Numeric comparison, Just works and passkey Entry are not more secure. Here we propose the Out Of Band (OOB) channeling with enhanced security than the previous methods.