Remote Recovery of Bluetooth Chip AES‑128 Keys via RF Side‑Channel at Meter‑Scale Distance
Researchers from KTH demonstrated that a simple antenna placed about 1 meter from a Bluetooth device can capture RF emissions containing key‑related leakage, and using machine‑learning‑assisted analysis of roughly 90,000 traces they recover the full AES‑128 key, exposing a practical, non‑contact side‑channel threat and prompting hardware, firmware, and system‑level defenses.
Lead: Traditional electromagnetic side‑channel attacks require close proximity and chip decapsulation, but a new study shows that an attacker can recover a Bluetooth chip’s AES‑128 key from its RF emissions using only an antenna placed about 1 m away.
1. Attack Principle
The research, published on IACR ePrint by KTH, explains that Bluetooth chips emit a subtle “side‑effect” in their RF signal when the internal AES hardware accelerator performs encryption; this leakage carries information correlated with the secret key. By receiving the normal Bluetooth RF signal together with this leakage, the key can be extracted without any physical contact.
2. Attack Conditions and Capability
The experimental setup consisted of:
A standard receiver positioned 1 m from the target chip.
On average 10,000 sampled points per encryption trace.
Approximately 90,000 traces required to recover the full AES‑128 key.
A machine‑learning‑assisted side‑channel analysis pipeline.
Compared with earlier correlation‑power‑analysis (CPA) attacks, this method achieves roughly a two‑fold efficiency improvement.
The attack applies to the millions of Bluetooth chips deployed in wearables, smart‑home products, and industrial IoT devices.
3. Why This Attack Is More Dangerous
No physical contact required: The attacker does not need to approach the device, open its package, or solder components; a 1 m‑away antenna suffices.
Leaves no trace: Because the device is untouched, there is no evidence of tampering, making the attack suitable for stealthy APT operations.
Passive RF listening: The chip’s normal communication provides the carrier, so the attacker does not need to transmit any probing signal, rendering detection difficult.
4. Relation to the “Screaming Channels” Work
The study builds on the 2018 “Screaming Channels” demonstration presented at Black Hat USA, which first showed key recovery from Bluetooth electromagnetic radiation but required much shorter distances.
Improvements introduced in the new work include:
Attack distance extended beyond 1 m.
Machine‑learning‑driven analysis dramatically reduces the number of required traces.
Optimizations targeting specific hardware AES accelerators.
5. Practical Impact
With the recovered AES‑128 key, an adversary can:
Forge Bluetooth pairing credentials and establish encrypted connections.
Decrypt Bluetooth traffic to steal sensitive data.
In some implementations, inject malicious payloads using the key.
This capability is especially critical for high‑value targets such as smart locks, keyless‑entry car systems, and industrial sensors.
6. Mitigation Recommendations
Defenses must be considered at multiple layers:
Chip design: Manufacturers should reduce key‑related RF leakage in hardware AES engines, possibly by lowering signal strength or adding randomised clock/power variations.
Firmware/driver: Implement masking schemes that disperse key operations in time and space.
Product level: For high‑security scenarios, overlay additional application‑layer encryption on top of Bluetooth so that compromise of the underlying key does not expose higher‑level data.
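To illustrate the firmware‑level masking recommendation, the following added Python example (not code from the KTH paper or this article) implements first‑order Boolean masking of the AES SubBytes step and checks, on simulated Hamming‑weight leakage with Gaussian noise (both modelling assumptions), that the value the chip actually processes no longer correlates with the key‑dependent intermediate.

```python
import random

def _gf_mul(a, b):
    # Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1.
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

def _gf_inv(a):
    # a^254 is the multiplicative inverse in GF(2^8); 0 maps to 0 as in AES.
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = _gf_mul(result, base)
        base, e = _gf_mul(base, base), e >> 1
    return result if a else 0

def _sbox_byte(x):
    b = s = _gf_inv(x)
    for i in range(1, 5):  # AES affine transform: XOR of four left rotations, then 0x63
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_byte(x) for x in range(256)]  # yields the standard AES S-box

def masked_sbox_step(pt, key, m_in, m_out):
    # First-round SubBytes on one byte without ever exposing pt ^ key unmasked;
    # returns SBOX[pt ^ key] ^ m_out via a table re-masked for this (m_in, m_out).
    table = [SBOX[v ^ m_in] ^ m_out for v in range(256)]
    return table[pt ^ key ^ m_in]

def leakage_correlation(key, masked, n=5000, seed=7):
    # Pearson correlation between a simulated Hamming-weight leak of the value the
    # chip processes (plus Gaussian noise, an assumed model) and the true intermediate.
    rng = random.Random(seed)
    leak, truth = [], []
    for _ in range(n):
        pt, m_in, m_out = rng.randrange(256), rng.randrange(256), rng.randrange(256)
        v = masked_sbox_step(pt, key, m_in, m_out) if masked else SBOX[pt ^ key]
        leak.append(bin(v).count("1") + rng.gauss(0, 0.5))
        truth.append(bin(SBOX[pt ^ key]).count("1"))
    ml, mt = sum(leak) / n, sum(truth) / n
    cov = sum((a - ml) * (b - mt) for a, b in zip(leak, truth))
    var = sum((a - ml) ** 2 for a in leak) * sum((b - mt) ** 2 for b in truth)
    return cov / var ** 0.5
```

The unmasked path shows a strong correlation with the secret‑dependent intermediate, while the masked path's correlation sits near zero; fresh masks per operation are what breaks the first‑order dependency that trace analysis exploits.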
7. Conclusion
Bluetooth chip RF emissions constitute an under‑appreciated side‑channel source. While traditional thinking assumed that electromagnetic side‑channel attacks required laboratory‑grade equipment and close proximity, the availability of inexpensive SDRs and mature machine‑learning analysis is lowering the barrier, turning a theoretical risk into a practical one. Organizations deploying large numbers of Bluetooth‑enabled IoT devices should incorporate RF side‑channel threats into their threat models.