Firmware Insider- Bluetooth Randomness is Mostly Random

Explore the intricacies of Bluetooth randomness in this 25-minute presentation by Jiska Classen at WAC 2020. Delve into various RNG variants, including the PRNG fallback mechanism and its randomness. Examine optimizations, cloud data uploads, and HRNG measurements. Investigate different variants, focusing on Variant 5 and Variant 4's PRNG inputs. Understand the role of time inputs and signal processing in randomness generation. Learn about randomness applications, active MITM attacks on numeric comparisons, and recent security patches. Gain insights into responsible disclosure practices and contemplate future security challenges in Bluetooth technology.

Firmware Insider Bluetooth Randomness is Mostly Random
RNG Variants 2 and 3
RNG Variant 2, PRNG Fallback
How random is the PRNG?
Optimizations
Uploading Random Data into the Cloud
HRNG Measurements
But what about the variants???
Variant 5
Variant 4: PRNG Inputs
Time Inputs
Signal Processing Inputs (1)
Where is randomness used anyway?
Active MITM on Numeric Comparison
The Patch (June 2020 Patchlevel)
Responsible Disclosure
Crystal Ball Security
Lessons Learned