A group of researchers identified a flaw in the Bluetooth communication protocol, called BIAS, which puts at risk cell phones, laptops and smart appliances that have not been updated recently. This vulnerability would allow an attacker to impersonate one of the devices being connected over Bluetooth and thus steal confidential data from the other device.
Security researchers Daniele Antonioli (Federal Polytechnic School of Lausanne), Kasper Rasmussen (University of Oxford) and Nils Ole Tippenhauer (CISPA – Helmholtz Center for Information Security) identified this flaw in December 2019 and reported it to manufacturers so that they could correct the problem. The researchers dubbed these Bluetooth spoofing attacks BIAS and describe them in detail in a recently released whitepaper.
What the flaw is about
BIAS attacks bypass the Bluetooth authentication procedures that take place when a connection is established between two devices. The underlying failures are in the authentication and encryption process.
When two devices are paired via Bluetooth, a long-term key is generated that connects the devices to each other. Once the devices are paired, each time a secure connection is established it uses a different session key that is derived from the long-term key and other factors.
But the flaw allows an attacker to impersonate one of the devices that went through the authentication process and is linked, via Bluetooth, to the other device, without knowing the long-term key. In this way, attackers can steal sensitive data from the device they “tricked” and even take control of it.
It is not the first time that these researchers have found flaws in this communication protocol. In August 2019 they identified and reported the Bluetooth Key Negotiation (KNOB) flaw. On this occasion, the specialists warned that a combined BIAS and KNOB attack could cause major problems, leading to the theft of sensitive information and other forms of manipulation of the content of the devices.
What devices are vulnerable
The researchers tested this vulnerability on a variety of devices, including smartphones, laptops, and tablets equipped with different versions of the Bluetooth protocol. “We perform BIAS attacks on more than 28 unique Bluetooth chips (attacking 30 different devices). Until now, we were able to test chips from Cypress, Qualcomm, Apple, Intel, Samsung, and CSR. All the devices we tested were vulnerable to the BIAS attack,” the statement says. They also clarify that, although the tests were done on those chips, technically the flaw affects any gadget that uses Bluetooth.
The authors of the work mention on their official site that they disclosed this information in December 2019 and that it is possible some vendors have implemented workarounds for the vulnerability on their devices (although they do not confirm that this has happened).
How do I know if my device is vulnerable? The researchers say that if the device was not updated after December 2019, it is likely to be vulnerable to this type of attack. “The devices updated later can be repaired,” they clarify.
The definitive solution to this flaw will come eventually, when the operation of the technology changes. It will arrive with the next Bluetooth standard, which aims to close this security gap, as mentioned on its blog by the Bluetooth SIG, an entity that groups more than 34 thousand companies around the world and is focused on the development and optimization of this type of communication standard.
In the meantime, and until that new standard hits the market, users should keep in mind that the only way to ensure they receive security patches is by keeping their device’s operating system or firmware up-to-date.