Acoustic Eavesdropping Attacks on Constrained Wireless Device Pairing - Final
Secure \"Pairing\" of wireless devices based on auxiliary or Out-Of-Band (OOB) - audio, visual or tactile - communication is a well-established research direction. Specifically, Authenticated as well as Secret OOB (AS-OOB) channels have been shown to be quite useful for this purpose. Pairing can be achieved by simply transmitting the key or short password over the AS-OOB channel, avoiding potential serious human errors. This paper analyzes the security of AS-OOB pairing. Specifically, the authors take a closer look at three notable prior AS-OOB pairing proposals and challenge the assumptions upon which the security of these proposals relies, i.e., the secrecy of underlying audio channels. The first proposal (IMD Pairing) uses a low frequency audio channel to pair an implanted RFID tag with an external reader.