Predictable PIN codes
BR/EDR
BLE
One of the pairing methods used to generate the shared key between devices involves sharing a randomly generated PIN code, which the user must enter on the second device. Since the link key is derived from this PIN, it is essential that the generated value is not predictable.
To ensure this, the source used to generate PIN codes must provide sufficient unpredictability. Rudimentary pseudo random number generators, such as incremental counters or timestamp fragments, should be avoided. Instead, devices should rely on cryptographically secure random number generators. These generators provide the level of entropy required to ensure that attackers cannot predict the PIN or derive the resulting link keys, making them a significantly safer alternative to non‑cryptographic or weak implementations.
Description
To check the validity of the control, multiple pairings must be performed to collect data to detect patterns in the generated PIN numbers.
Some easily identifiable patterns are as follows:
- Successive PIN numbers: devices can be found that constantly increase the PIN number.
- Repeated PIN numbers: devices can be found that use pseudo-random generators that enter a loop after the generation of a known number of PIN codes.
The use of statistical tools or test suites for cryptographic fonts is recommended although they may require more time to study. Some of the most comprehensive tools and tests are listed below:
- DieHard statistical test
- NIST Cryptographic Algorithm Validation Program Testing: Random Number Generators
The control is fulfilled if no pattern can be determined in the received PIN numbers or ideally, if the sources of entropy for the generation of PIN codes is strong against the mentioned tests.
Related resources
To check this control, the following resources may be useful:
| ID | Description |
|---|---|
| BSAM-RES-04 | Bluetooth connections sniffing |
| BSAM-RES-05 | Capture of a Bluetooth connection |
| BSAM-RES-07 | Sending and receiving HCI messages |
Example case
The security of the Bluetooth communications of a car radio/infotainment unit is evaluated. After verifying the control BSAM-PA-02 (Input and output capabilities), it is concluded that the analyzed device exposes physical capabilities according to the available hardware, in this case a display and a YES/NO input since there is no full keyboard. Due to these input/output capabilities, the most secure authentication method involves PIN comparison generated by automatic methods based on secure entropy sources.
To evaluate the security of the system PIN generation, multiple pairing processes are initiated with a cell phone by capturing them using the technique BSAM-RES-05 (Capture of a Bluetooth connection). During this process it is evident that the device consistently displays an incremental PIN with the values 0000, 0001, 0003, and so on.
Therefore, this device does not overcome the control since the generation of PIN codes is predictable, so it is possible to take control of a pairing process.
