CryptoDB
Yanning Ji
Publications and invited talks
Year  Venue  Title
2025  RWC    Is Your Bluetooth Chip Leaking Secrets via RF Signals?

Abstract
In this talk, we present a side-channel attack on a Bluetooth chip embedded in millions of devices worldwide, from wearables and smart home products to industrial IoT. The attack marks a significant milestone, as previous attempts to recover the encryption key from the proprietary hardware AES-CCM accelerator in this chip were unsuccessful. Our approach leverages side-channel information from AES computations that the chip unintentionally transmits together with its RF signals. Unlike traditional side-channel attacks based on power or near-field EM emissions, the presented one leaves no evidence of tampering, eliminating the need for package removal, chip decapsulation, or additional soldered components. However, the side-channel signals we extract from the RF signals are considerably weaker and noisier, requiring more traces for successful key recovery. The presented attack requires 180,000 traces, with each trace computed by averaging 10,000 measurements per encryption.

Coauthors
- Elena Dubrova (1)
- Yanning Ji (1)
- Ruize Wang (1)
