Replay attacks

BR/EDR

BLE

In a replay (or relay) attack, an attacker intercepts and retransmits a valid message. This is possible when no mechanism exists to detect repeated transmissions or to ensure message freshness.

If an application implements custom security mechanisms and uses cryptography at the application layer for a specific service, those measures must also protect against replay attacks. Otherwise, even application-level security can be bypassed.

Description

The procedure consists of capturing a valid packet or transaction belonging to a service that has custom security measures in place, and then sending it back to the device to check whether it performs the requested action again or whether the packet is ignored.

This control is considered satisfactory when it has been verified that the device does not remotely accept the same update packet twice.
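The following Python model, added here as an example and not part of BSAM or of any particular device's firmware, shows why a message authentication code alone does not satisfy this control and what the minimal fix looks like. A sender builds an application-layer frame (counter, payload, HMAC tag). A naive receiver only checks the tag, so a captured frame that is sent back is executed a second time; a receiver that additionally enforces a strictly increasing counter ignores the resent frame. The replay_test function mirrors the procedure above: deliver a valid frame once, resend the identical bytes, and record whether the second delivery was accepted. The key, frame layout and tag length are assumptions chosen for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo key: a real device would provision a per-device key during
# pairing or manufacturing rather than hard-coding one.
DEMO_KEY = bytes(range(32))
TAG_LEN = 16  # truncated HMAC-SHA256 tag, an assumption for this example


def build_message(key: bytes, counter: int, payload: bytes) -> bytes:
    """Frame layout (assumed): 4-byte big-endian counter || payload || tag.
    The tag covers the counter as well, so bumping the counter on a captured
    frame invalidates the tag instead of sneaking it past the freshness check."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


def _verify_tag(key: bytes, frame: bytes):
    """Return (counter, payload) when the tag is valid, otherwise None."""
    if len(frame) < 4 + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    counter = struct.unpack(">I", body[:4])[0]
    return counter, body[4:]


class NaiveReceiver:
    """Checks authenticity only. Any frame with a valid tag is executed,
    however often it arrives, so this receiver fails the control."""

    def __init__(self, key: bytes):
        self.key = key
        self.executed = []  # payloads the device acted on

    def receive(self, frame: bytes) -> bool:
        parsed = _verify_tag(self.key, frame)
        if parsed is None:
            return False
        self.executed.append(parsed[1])
        return True


class FreshReceiver:
    """Checks authenticity and freshness: the counter must exceed the last
    accepted one, so a captured frame is ignored when it is sent back."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.executed = []

    def receive(self, frame: bytes) -> bool:
        parsed = _verify_tag(self.key, frame)
        if parsed is None:
            return False
        counter, payload = parsed
        if counter <= self.last_counter:
            return False  # repeated or stale frame: ignore it
        self.last_counter = counter
        self.executed.append(payload)
        return True


def replay_test(receiver, frame: bytes) -> dict:
    """The check from the text: deliver a valid captured frame once, then
    resend the identical bytes. The control passes only if the first delivery
    is accepted and the second one is refused."""
    first = receiver.receive(frame)
    second = receiver.receive(frame)
    return {"first_accepted": first, "second_accepted": second,
            "control_ok": first and not second}


if __name__ == "__main__":
    # Constructed sample: a frame as it would be captured from a sniffed connection.
    captured = build_message(DEMO_KEY, 1, b"UNLOCK")
    for name, rx in (("naive", NaiveReceiver(DEMO_KEY)),
                     ("fresh", FreshReceiver(DEMO_KEY))):
        print(name, replay_test(rx, captured))
```

A monotonic counter is the simplest freshness mechanism; it must be stored persistently on the device (or re-synchronised after a reset) and must be covered by the tag, as the test at the end of the block illustrates by changing the counter of a captured frame. A challenge-response nonce issued by the device is an alternative when the sender cannot keep state.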

To check this control, the following resources may be useful:

ID           Description
BSAM-RES-04  Bluetooth connections sniffing
BSAM-RES-05  Capture of a Bluetooth connection