
Let's say I have bought a USB-to-Bluetooth dongle and "paired" it with my wireless Bluetooth headphones which I purchased by accident, thinking that they were wired.

One of the biggest reasons I've always avoided wireless network, wireless mouse, wireless keyboard and wireless headphones, in spite of their obvious practical benefits, is that they feel fundamentally insecure to me.

How encrypted is the signal between my computer and the headphones? I don't want somebody to be able to pick it up and listen in to what I'm listening to. It might be very private and sensitive data. I don't think I've ever heard anyone even mention security/encryption at all in this context; it seems like people just started using it without questioning the potential security downside. (Hardly surprising, given their total lack of care for security in general.)

Could there really be any kind of powerful-enough decryption hardware in a cheap pair of headphones with Bluetooth as connectivity?

forest
  • Bluetooth itself is usually encrypted, but as far as I remember the pairing process is the weak point, as it is difficult to understand what device you are actually pairing to. This enabled man-in-the-middle attacks, especially for devices that do not make use of the pairing PIN. – Robert Jan 07 '22 at 21:20
  • Use Bluetooth headphones when you don't need assurance, use non-Bluetooth headphones when you do... – J-- Jun 06 '22 at 10:51

1 Answer

It depends, at least in part, on the highest version of Bluetooth that is supported by both the dongle and the associated headphones. There are two main types in use, called BR/EDR (Basic Rate/Enhanced Data Rate) and LE (Low Energy). The confidentiality of data depends on the version:

BT versions

Both BR/EDR prior to 2.1 and LE prior to 4.2 are highly insecure. The former uses custom algorithms for key exchange, and the latter uses AES-128, but without any asymmetric cryptography, meaning that an attacker can decrypt all transmitted data merely by capturing the initial connection once.

BR/EDR from versions 2.1 to 4.0 uses ECDHE for key exchange. This is quite secure, but the curve they use is P-192, which provides only about 80 bits of classical security. This may be fine against all but attackers with supercomputers for now, but it's only barely adequate and is unlikely to stand up for long in the future. Furthermore, it uses an algorithm called E0 for encryption. E0 is a stream cipher which is designed around a type of algorithm called an LFSR. It's infamously difficult to design a secure cipher with LFSRs, and it's no surprise that E0 is rather weak. These versions of Bluetooth are likely to protect against basic attacks, but not against anyone with cryptanalytic capabilities.

BR/EDR version 4.1 and on, and LE version 4.2 and on are significantly more secure. They both use ECDHE with a much stronger curve, P-256, which provides 128 bits of classical security. They also use AES-CCM for encryption, which is an industry standard and is thought to be extremely secure. Only an attacker who has a theoretical quantum computer will be able to break the key exchange and passively listen in on you. An attacker who can break this is also likely to be able to break TLS!

Note that I am not taking into account active MITM attacks which can be possible depending on the pairing mechanism used. The end of this answer goes into more detail about the pairing mechanisms and their security, and which are capable of protecting against MITM attacks.


All of this is assuming that there are no side-channel attacks. Unfortunately, audio compression leaks information about the content of the audio in the bitrate. More compressible sequences of audio are compressed to a smaller size. Different phrases in human language result in different bitrate patterns, potentially allowing a passive attacker to determine, with high confidence, what is being said. The solution to this is to ensure the bitrate is independent of the compression ratio, which can be done by using a constant bitrate. I'm not sure what your Bluetooth headphones use.

forest
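The bitrate side channel described in the answer above, as an added example that is not part of the original post: it compares the packet sizes a passive observer sees with variable-bitrate compression against frames padded to a constant size. Assumptions: `zlib` stands in for the audio codec, the cipher is modelled only by its length behaviour (plaintext length plus a fixed tag), and the frame, tag and padding sizes and all function names are constructed for the illustration.

```python
import random
import zlib

FRAME = 512      # raw bytes per audio frame (constructed value)
TAG_LEN = 4      # assumed fixed integrity-tag length appended by the cipher
CBR_SIZE = 600   # fixed payload size, above zlib's worst case for one frame

def make_audio(pattern, seed=1):
    """Constructed 8-bit 'audio': 'L' = loud noise frame, 'Q' = silent frame."""
    rng = random.Random(seed)
    out = bytearray()
    for kind in pattern:
        if kind == "L":
            out += bytes(rng.getrandbits(8) for _ in range(FRAME))
        else:
            out += bytes([0x80]) * FRAME
    return bytes(out)

def frames(pcm):
    return [pcm[i:i + FRAME] for i in range(0, len(pcm), FRAME)]

def wire_sizes_vbr(pcm):
    """Variable bitrate: encryption hides the bytes but not how many there are."""
    return [len(zlib.compress(f)) + TAG_LEN for f in frames(pcm)]

def wire_sizes_cbr(pcm):
    """Constant bitrate: every compressed frame is padded to CBR_SIZE first."""
    sizes = []
    for f in frames(pcm):
        body = zlib.compress(f)
        if len(body) > CBR_SIZE:
            raise ValueError("frame exceeds the constant-bitrate budget")
        padded = body + bytes(CBR_SIZE - len(body))
        sizes.append(len(padded) + TAG_LEN)
    return sizes

def pattern_from_sizes(sizes):
    """What packet lengths alone reveal: which frames compressed well."""
    threshold = (min(sizes) + max(sizes)) / 2
    return "".join("L" if s > threshold else "Q" for s in sizes)

if __name__ == "__main__":
    for label in ("QLLQ", "LQQL"):
        pcm = make_audio(label)
        print(label, wire_sizes_vbr(pcm), wire_sizes_cbr(pcm))
```

With variable bitrate the size sequence tracks the loud/quiet structure of the input; with padding both inputs produce the same sequence, at the cost of always sending the worst-case size.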