Academic researchers at the École Polytechnique Fédérale de Lausanne (EPFL), a research institute and university in Lausanne, Switzerland, discovered a new vulnerability in the Bluetooth wireless protocol, which is used to interconnect modern devices like smartphones, laptops, IoT devices, and other smart devices.
"The Bluetooth Special Interest Group (SIG) prioritizes security, and the specifications include a collection of features that provide developers the tools they need to secure communications between Bluetooth devices".
Since this is a Bluetooth vulnerability, it is a short-range attack: a hacker who wanted to compromise your device would have to be within about 30 feet for it to be effective. However, no complicated rig is necessary to carry out the attack, so it could be done surreptitiously by somebody sitting in the same coffee shop.
The paper details the discovery, and the researchers explain at length how they found the bug in the post-bonding authentication procedure. The vulnerability has been named BIAS (Bluetooth Impersonation Attacks).
According to security researchers, unpatched security bugs remain in Bluetooth chips from companies like Apple, Intel, Qualcomm, Samsung, and others, allowing for Bluetooth Impersonation Attacks (BIAS). The researchers noted that some laptop vendors may have implemented "workarounds" for the Bluetooth vulnerability after they revealed the BIAS hacking method to the industry in December 2019.
BIAS can also be combined with other attacks, such as the Key Negotiation of Bluetooth (KNOB) attack, which was disclosed previous year by the same research team.
Essentially, BIAS attacks exploit a vulnerability in how Bluetooth devices handle long-term connections.
To carry out the attack, a bad actor would need to be within Bluetooth range of a vulnerable device, and know the Bluetooth address of a previously paired device. But because the flaws lie not in the devices themselves, but rather in the embedded Bluetooth chips that are used across a range of brands and devices, hundreds more models from an unknown number of manufacturers are likely to be just as vulnerable.
Antonioli and his colleagues tested 31 devices directly and found them to be vulnerable to BIAS attacks. A successful BIAS attack allows an attacker to access or even take control of another Bluetooth Classic device.
The Bluetooth Special Interest Group (SIG) is in the process of updating protocols so that authentication is required on both sides, even with legacy authentications. "The BIAS attacks are stealthy, as Bluetooth secure connection establishment does not require user interaction". "These changes will be introduced into a future specification revision", the SIG said.
This can allow an attacker to negotiate a reduced encryption key strength, downgrade the connection from mutual authentication to unilateral authentication, become the new authenticator, and start a secure session.
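The weakness described above (and in the "long-term connections" paragraph earlier) comes down to one question: does the side that holds the real link key ever challenge its peer? The following is an added illustration, not code from the EPFL paper or from any Bluetooth stack. It is a deliberately simplified model: the link key is a random secret shared at pairing time, the challenge-response is an HMAC-SHA-256 over the challenge and the responder's address (an assumption of this model, not the specification's algorithm), and the device names and addresses are constructed. It shows that under a unilateral procedure a claimant that knows only a bonded peer's address is accepted, while the mutual check the SIG says it is adding rejects it.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def toy_response(link_key: bytes, challenge: bytes, address: bytes) -> bytes:
    """Stand-in for the response computation. HMAC-SHA-256 is an assumption
    of this toy model, not the Bluetooth specification's function."""
    return hmac.new(link_key, challenge + address, hashlib.sha256).digest()


@dataclass
class Device:
    address: bytes
    # link keys established at pairing time, indexed by the peer's address
    bonded: dict = field(default_factory=dict)

    def respond(self, peer_address: bytes, challenge: bytes):
        """Answer a challenge from peer_address, or None if no key is shared."""
        key = self.bonded.get(peer_address)
        if key is None:
            return None  # no link key for this peer: cannot answer
        return toy_response(key, challenge, self.address)

    def verify(self, peer_address: bytes, challenge: bytes, resp) -> bool:
        """Check that resp was computed with the key shared with peer_address."""
        key = self.bonded.get(peer_address)
        if key is None or resp is None:
            return False
        expected = toy_response(key, challenge, peer_address)
        return hmac.compare_digest(expected, resp)


def establish(verifier: Device, claimant: Device, require_mutual: bool) -> bool:
    """Verifier's view of connection establishment.

    The claimant presents claimant.address (a bonded peer's address) and
    takes the authenticator role, so it is the one issuing the first
    challenge. Returns True if the verifier treats the link as authenticated.
    """
    # Step 1: the claimant challenges the verifier. The verifier proves it
    # holds the key shared with the *claimed* address; this step cannot
    # expose an impostor, because the impostor never has to prove anything.
    c1 = secrets.token_bytes(16)
    if verifier.respond(claimant.address, c1) is None:
        return False  # no bond with the claimed address: nothing to authenticate

    if not require_mutual:
        # Unilateral (legacy) authentication: the verifier was challenged and
        # never challenges back, so the claimant's key is never checked.
        return True

    # Step 2: mutual authentication. The verifier issues its own challenge and
    # only accepts a response computed with the shared link key.
    c2 = secrets.token_bytes(16)
    resp = claimant.respond(verifier.address, c2)
    return verifier.verify(claimant.address, c2, resp)


def demo() -> dict:
    """Pair a laptop and a headset (constructed sample devices), then try an
    impostor that knows only the headset's address, under both procedures."""
    laptop = Device(b"LAPTOP-ADDR-00")
    headset = Device(b"HEADSET-ADDR-1")
    key = secrets.token_bytes(16)
    laptop.bonded[headset.address] = key
    headset.bonded[laptop.address] = key
    impostor = Device(headset.address)  # same address, no link key
    return {
        "honest_unilateral": establish(laptop, headset, require_mutual=False),
        "honest_mutual": establish(laptop, headset, require_mutual=True),
        "impostor_unilateral": establish(laptop, impostor, require_mutual=False),
        "impostor_mutual": establish(laptop, impostor, require_mutual=True),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The only difference between the two procedures is whether the verifier runs step 2; the honest peer passes either way, and the impostor passes only when the key-holding side never asks it to prove anything. That is why the SIG's fix is to require authentication on both sides regardless of which side took the authenticator role.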
"The SIG also provides educational resources to the developer community to help them implement the appropriate level of security within their Bluetooth products, as well as a vulnerability response program that works with the security research community to address vulnerabilities identified within Bluetooth specifications in a responsible manner".