Nasty Bluetooth flaw affects billions of devices

BIAS: Bluetooth Impersonation AttackS

Once the BIAS attack is successful, an attacking device could be used to carry out other exploits, including accessing data sent via Bluetooth or even controlling the functions that a previously paired device would have.

You'll want to update the software and/or firmware on your Bluetooth device ASAP, although whether that fixes things depends on your device's manufacturer. We refer to our attacks as Bluetooth Impersonation AttackS (BIAS).

A bug in the post-bonding authentication process allows an attacker to spoof the identity of an older device that was connected or paired with the target device in the past.

Any device that supports the Bluetooth Classic protocol is vulnerable to this type of attack. This vulnerability has been named BIAS (Bluetooth Impersonation AttackS).

The researchers tested Cypress, Qualcomm, Apple, Intel, Samsung and CSR chips and performed experiments on the following laptops: MacBook Pro, ThinkPad L390, ThinkPad X1 Carbon (3rd Gen), HP ProBook 430 G3, ThinkPad 41U5008, Lenovo IdeaPad U430 and ThinkPad X230.

The BIAS Attack

For BIAS to be successful, an attacking device would need to be within the wireless range of a vulnerable Bluetooth device that has previously established a BR/EDR connection with another Bluetooth device whose address is known to the attacker.

The vulnerability affects all devices using the standard and is unlikely to be patched in the near future, as it requires changes to the specification itself.

On the other hand, the researchers assure that it is very hard to carry out a BIAS attack.

The BIAS security flaw leverages the way that devices handle link keys or long-term keys that are generated when two Bluetooth devices pair for the first time. Additionally, the researchers noted that since the attack is standard compliant, it is effective against Legacy Secure Connections and Secure Connections, meaning all devices are vulnerable to this attack.

Because you often won't even realize when devices are connecting to one another via Bluetooth, it's a good idea to occasionally pop open your settings app on your phone (or any other device with Bluetooth connectivity), head to the Bluetooth tab, and take a look at all the devices that could potentially connect and note anything that is, in fact, already connected. But because the flaws lie not in the devices themselves, but rather in the embedded Bluetooth chips that are used across a range of brands and devices, hundreds more models from an unknown number of manufacturers are likely to be just as vulnerable.
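The same review of paired devices can be scripted on a Linux host. The following is an added example, not code from the researchers or the Bluetooth SIG: it assumes BlueZ's on-disk bond store (`/var/lib/bluetooth/<adapter>/<device>/info`) and lists every stored BR/EDR link key with its HCI key type. The Secure Connections flag is informational only, since the attack is reported to work against both modes; the sample store, addresses and keys are constructed.

```python
import configparser
import tempfile
from pathlib import Path

# HCI link key types as stored by BlueZ in the [LinkKey] section.
KEY_TYPES = {
    0: ("combination key (legacy pairing)", False),
    3: ("debug combination key", False),
    4: ("unauthenticated, P-192", False),
    5: ("authenticated, P-192", False),
    6: ("changed combination key", False),
    7: ("unauthenticated, P-256 (Secure Connections)", True),
    8: ("authenticated, P-256 (Secure Connections)", True),
}

def audit_bonds(root):
    """Return one dict per stored BR/EDR bond under a BlueZ storage root."""
    bonds = []
    for info in sorted(Path(root).glob("*/*/info")):
        cfg = configparser.ConfigParser(interpolation=None)
        cfg.optionxform = str  # BlueZ keys are case-sensitive
        cfg.read(info)
        if not cfg.has_section("LinkKey"):
            continue  # LE-only or unbonded entry: no BR/EDR link key stored
        ktype = cfg.getint("LinkKey", "Type", fallback=-1)
        desc, sc = KEY_TYPES.get(ktype, ("other or unknown type", False))
        bonds.append({
            "adapter": info.parent.parent.name,
            "device": info.parent.name,
            "name": cfg.get("General", "Name", fallback="?"),
            "key_type": desc,
            "secure_connections": sc,
        })
    return bonds

def make_sample_store():
    """Build a constructed sample store (addresses and keys are made up)."""
    root = Path(tempfile.mkdtemp())
    samples = {"AA:BB:CC:00:00:01": ("Headset", 4), "AA:BB:CC:00:00:02": ("Laptop", 8)}
    for addr, (name, ktype) in samples.items():
        d = root / "00:11:22:33:44:55" / addr
        d.mkdir(parents=True)
        (d / "info").write_text(
            f"[General]\nName={name}\n\n[LinkKey]\nKey={'0' * 32}\nType={ktype}\nPINLength=0\n")
    return root

if __name__ == "__main__":
    for bond in audit_bonds(make_sample_store()):
        print(bond)
```

To audit a real host, call `audit_bonds("/var/lib/bluetooth")` as root and remove any bond you no longer recognise or use.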

There are many devices that currently have a Bluetooth chip to connect to each other and now we know that they are in danger.

The Bluetooth Special Interest Group (Bluetooth SIG) stated that it updated the Bluetooth Core Specification and recommended cross-checks for encryption-type to avoid a downgrade of secure connections to legacy encryption, which will be introduced in the upcoming specification. Checks will also be implemented to avoid risky encryption downgrades; however, these changes will only be available in the future.

It added, "The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches".

This is because they operate on any of various different frequencies, and the devices hop between these frequencies hundreds of times per second.
