Replay attacks

BR/EDR

BLE

In a replay attack (or relay attack), an attacker intercepts a valid message and retransmits it. The attack works when a legitimate message can be captured and forwarded without detection, because there is no mechanism to validate messages and reject one that is sent more than once.

If an application requires custom security methods and uses cryptography for a particular service, the application-layer security methods must be adequate to prevent replay attacks.

Not complying with this control may mean that, despite the effort of using application-level security measures, these can be bypassed.

Description

The procedure consists of capturing a valid packet or transaction of a service that has custom security measures in place and sending it again to check whether it performs the desired action or the packet is ignored.

This control is considered satisfactory when it is verified that the device does not remotely accept the same update packet twice.
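
The pass criterion above, shown from the device side as an added example (not part of the original methodology or of any vendor's code): a receiver that only verifies a MAC accepts a captured packet twice, while one that also enforces a strictly increasing counter rejects the second copy. The packet layout, the key and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
TAG_LEN = 16                    # assumed truncated HMAC-SHA256 tag length

def seal(counter: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender: 8-byte big-endian counter || payload || tag over both."""
    body = struct.pack(">Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    """Hypothetical application-layer receiver for an update service."""

    def __init__(self, key: bytes = KEY, check_counter: bool = True):
        self.key = key
        self.check_counter = check_counter  # False models MAC-only validation
        self.last_counter = -1              # highest counter accepted so far
        self.applied = []                   # payloads that were acted upon

    def handle(self, packet: bytes) -> bool:
        if len(packet) < 8 + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                    # forged or corrupted packet
        counter = struct.unpack(">Q", body[:8])[0]
        if self.check_counter and counter <= self.last_counter:
            return False                    # same or older packet: replay
        self.last_counter = max(self.last_counter, counter)
        self.applied.append(body[8:])
        return True

def replay_check(receiver: Receiver, packet: bytes) -> str:
    """Mirror of the control: deliver one valid packet twice, report verdict."""
    first = receiver.handle(packet)
    second = receiver.handle(packet)
    if not first:
        return "invalid-sample"             # the sample was never valid
    return "fail" if second else "pass"

if __name__ == "__main__":
    captured = seal(1, b"update:v2")        # constructed sample packet
    print("MAC only:     ", replay_check(Receiver(check_counter=False), captured))
    print("MAC + counter:", replay_check(Receiver(), captured))
```

On a real device the last accepted counter has to survive reboots and reconnections; otherwise a packet captured before a power cycle becomes valid again after it.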

To check this control, the following resources may be useful:

ID Description
BSAM-RES-04 Bluetooth connections sniffing
BSAM-RES-05 Capture of a Bluetooth connection