Bluetooth vulnerability enables hackers to mimic genuine devices

Weaknesses in Bluetooth Core and Mesh Profile Specifications allow impersonation attacks

Hackers could exploit newly discovered flaws in Bluetooth Core and Mesh Profile Specifications to disguise themselves as legitimate devices and carry out man-in-the-middle (MitM) attacks.

Researchers at the Agence nationale de la sécurité des systèmes d'information (ANSSI) have found flaws in the Bluetooth Core Specification and Mesh Profile Specification that allow impersonation attacks and AuthValue disclosures.

The two specifications define the technical and policy requirements for devices that want to operate over Bluetooth connections.

The Bluetooth Impersonation Attacks, or BIAS, allow attackers to impersonate a device and to establish a secure connection with a victim without possessing the long-term key shared by the impersonated device and the victim. This bypasses Bluetooth's authentication mechanism.

"The BIAS attacks are the first uncovering issues related to Bluetooth's secure connection establishment authentication procedures, adversarial role switches, and Secure Connections downgrades," the researchers said. "Our attacks are stealthy because the Bluetooth standard does not require to notify end users about the outcome of an authentication procedure, or the lack of mutual authentication."

"To confirm that the BIAS attacks are practical, we successfully conduct them against 31 Bluetooth devices (28 unique Bluetooth chips) from major hardware and software vendors, implementing all the major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR."

Researchers added that the attacks work even when the victims use Bluetooth's strongest security modes, including SSP and Secure Connections.

Related Resource

Security awareness training strategies for account takeover protection

Why you need an inside-the-perimeter strategy for internal threats

Security awareness training strategies for account takeover protection - whitepaper from MimecastDownload now

"Our attacks target the standardized Bluetooth authentication procedure and are therefore effective against any standard-compliant Bluetooth device," the researchers said.

According to a Carnegie Mellon CERT Coordination Center advisory, the Android Open-Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are vendors affected by the security flaws.

The Bluetooth Special Interest Group (SIG), the organization that directs the development of Bluetooth standards, published a security notice about the flaws. It recommended potentially vulnerable implementations restrict the public keys accepted from a remote peer device to disallow a remote peer to present the same public key the local device chose.

"The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers," the organization said in a statement.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022