A research study carried out by the EPFL in Lausanne, Switzerland, CISPA in Saarbrücken, Germany, and the University of Oxford in the UK, has revealed the new ‘Bluetooth Impersonation AttackS’ (BIAS) that are focused on pairing mechanisms in Bluetooth BR/EDR (Bluetooth Classic) connections.
The BIAS attack
BIAS attack works against several commercial Bluetooth devices and firmware from Apple, Broadcom, Cypress, Intel, Samsung, and others.
The BIAS security flaw is associated with the long-term key, which is associated with the authentication process used by Bluetooth devices. Using this flaw, an attacker can spoof his identity to a previously paired device, and thus establish a connection with another device without knowing the long-term key established between two devices.
Several devices including smartphones (iPhone, Samsung, Google, Nokia, LG, Motorola), tablets (iPad), laptops (MacBook, HP Lenovo), headphones (Philips, Sennheiser), and system-on-chip boards (Raspberry Pi, Cypress) were tested and found vulnerable to this attack.
Most probably devices not updated after December 2019 are vulnerable to impersonation attacks.
Other security issues with the Bluetooth
It is often easy for hackers to discover new, previously unknown vulnerabilities in Bluetooth devices. The potential impacts could include spoofing, brute force, and exploitation of the vulnerability, to gain unauthorized access. Other than these, some fundamental design flaws in Bluetooth devices make them vulnerable to hacking.
In March 2020, vulnerabilities in the Bluetooth and vehicular diagnosis functions exposed Lexus and Toyota cars to remote attacks.
In February 2020, the SweynTooth vulnerability exposed flaws in specific BLE software development kits (SDKs) of seven major system-on-a-chip (SoC) vendors. Later in March, the U.S. Food and Drug Administration (FDA) also raised a warning about BLE attacks for all patients using Bluetooth-enabled medical devices and implants.
In November 2019, a critical vulnerability (CVE-2020-0022) was discovered affecting Android 8.0 to 9.0.
In August 2019, a new vulnerability dubbed ‘KNOB’ (CVE-2019-9506) was found infecting Bluetooth-enabled devices.
How to stay safe
Users should enable Bluetooth only if strictly necessary. Bluetooth users should install the latest updates from the device and operating system manufacturers. Also, users should change the default PIN codes in their Bluetooth devices.
The Bluetooth Special Interest Group (Bluetooth SIG) is updating the Bluetooth Core Specification to clarify when role switches are permitted, to require mutual authentication in legacy authentication and to recommend checks for encryption-type to avoid a downgrade of secure connections to safe encryption.
The standards organizations also urged vendors to integrate any necessary patches and stated that it is working to remedy this vulnerability.