
Researchers Reveal A Bluetooth Protocol Flaw Which Could Affect Millions Of Devices

According to a study by a Swiss Research Institute, there is a flaw in a Bluetooth protocol that leaves millions of devices vulnerable to attacks.

The vulnerability, called Bluetooth Impersonation AttackS (BIAS), allows hackers to pose as a previously trusted device.

“In this paper, we demonstrate that the Bluetooth standard contains vulnerabilities enabling an attacker to impersonate a device and to establish a secure connection with a victim, without possessing the long term key shared by the impersonated device and the victim,” researchers at the Swiss Federal Institute of Technology Lausanne said in their report.

In this study, more than 28 Bluetooth chips from giant companies like Apple, Cypress, Qualcomm, Intel, Samsung, and CSR on nearly three dozen devices were found to be vulnerable.

Despite its sophisticated name, the attack is neither that difficult nor does it require a lot of hardware. The research team said that an attacker needs little more than a Raspberry Pi to hijack any device such as a laptop, smartwatch, cellular phone, or earphones.

Information about this vulnerability was given to the manufacturers last December. Some of the companies responded immediately and rolled out updates.

The Problem

When two Bluetooth devices pair, a long-term encryption key is exchanged and stored. This is why you see a list of previously connected devices, and it lets the devices reconnect without repeating the lengthy setup.

The flaw is basically a device’s failure to check the authenticity of a malicious device that pretends to be a known, previously connected device utilizing a captured long-term encryption key. First of all, the Bluetooth secure connection is not encrypted. In addition, mutual authentication is not required on subsequent connections, and devices using secure connections can rely on older, less secure connection protocols that allow access to hackers.

The report says, “Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment. … Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade.

“Any standard-compliant Bluetooth device can be expected to be vulnerable,” the researchers add.

The Bluetooth Special Interest Group (SIG), which takes care of Bluetooth protocols, said that it will be updating the Bluetooth Core Specification to cover mutual authentication rules and strengthen security protocols.
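
The following simplified model of the missing mutual-authentication check is an added illustration, not code from the researchers or the Bluetooth specification. HMAC-SHA256 stands in for the Bluetooth authentication function, and `Peer`, `accept_session` and the rule that only the verifier issues a challenge are assumptions of this model.

```python
import hashlib
import hmac
import os


def auth_response(link_key: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the Bluetooth authentication function.
    return hmac.new(link_key, challenge, hashlib.sha256).digest()


class Peer:
    """Remote device claiming a bonded identity (hypothetical model class).

    link_key is None when the peer does not hold the long-term key.
    is_verifier is True when the peer holds the verifier role, for example
    after a role switch performed before authentication.
    """

    def __init__(self, link_key, is_verifier: bool):
        self.link_key = link_key
        self.is_verifier = is_verifier

    def respond(self, challenge: bytes) -> bytes:
        if self.link_key is None:
            return os.urandom(32)  # no key, so no valid response
        return auth_response(self.link_key, challenge)


def accept_session(local_key: bytes, peer: Peer, require_mutual: bool) -> bool:
    """Return True if the local device treats the peer as authenticated."""
    # Without mandatory mutual authentication, the local device challenges
    # the peer only when the local device itself is the verifier.
    if require_mutual or not peer.is_verifier:
        challenge = os.urandom(16)
        expected = auth_response(local_key, challenge)
        if not hmac.compare_digest(expected, peer.respond(challenge)):
            return False
    # Reached either because the peer proved possession of the key, or
    # because the peer was sole verifier and was never challenged.
    return True


if __name__ == "__main__":
    key = os.urandom(16)  # constructed sample long-term key
    keyless = Peer(None, is_verifier=True)
    print("unilateral policy accepts keyless peer:", accept_session(key, keyless, False))
    print("mutual policy accepts keyless peer:   ", accept_session(key, keyless, True))
```

With `require_mutual=True`, the role a peer holds no longer decides whether it has to prove possession of the key, which is the property the planned specification update is meant to enforce.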

More Information
Publication: https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf

Published by
Atomstalk
