Bluetooth pairing flaw exposes devices to BIAS attacks

Bluetooth SIG has been forced to update the core specification after researchers reveal a severe flaw in BR/EDR pairing

Bluetooth-enabled devices including smartphones, laptops, tablets and Internet of Things (IoT) devices are vulnerable to attack due to fundamental flaws in the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) configuration.

The Bluetooth Special Interest Group (SIG) has been forced to update its specification after academics disclosed the vulnerability in the way connections are made between devices using BR/EDR. This configuration is also known as Bluetooth Classic.

Advertisement - Article continues below

Bluetooth Impersonation Attacks (BIAS) can be triggered after two devices have been paired, with hackers able to exploit the flaw to break security mechanisms and impersonate a device towards the host. This is according to research published by academics.

The flaw lies in the way two devices handle the long-term key that establishes their connection. Such a key is generated when two Bluetooth devices bond for the first time and derive keys for future connections without device owners undergoing the same arduous pairing process.

The BIAS attack was tested on more than 28 unique Bluetooth chips manufactured by a wide range of companies including Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All 30 devices tested by the academics were vulnerable.

Following initial bonding, hackers can fake the identity of previously paired devices and successfully connect without having to know the long-term pairing key that was established. From here, they can access data from a targeted device or take control of one.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

BIAS can also be combined with other attacks, such as the Key Negotiation of Bluetooth (KNOB) attack, which was disclosed last year by the same research team. KNOB can be deployed to force participants in a Bluetooth key exchange to use an encryption key with just one byte of entropy, meaning hackers can successfully brute-force the key. From there, they're able to intercept on data being passed between devices.

“The BIAS attacks are the first uncovering issues related to Bluetooth’s secure connection establishment authentication procedures, adversarial role switches, and Secure Connections downgrades,” said authors Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen. 

“The BIAS attacks are stealthy, as Bluetooth secure connection establishment does not require user interaction. The BIAS attacks are at the architectural level of Bluetooth, thus all standard-compliant Bluetooth devices are a potential target.”

Bluetooth SIG, which oversees the Bluetooth standard, said it’s updating the Bluetooth Core Specification to clarify when role switches are permitted, to require mutual authentication and recommend checks for encryption-types to avoid a downgrade of secure connections. 

Advertisement - Article continues below

These changes will be introduced in a future specification revision, though until that occurs, the organisation has strongly recommended that vendors ensure the reduction of the encryption key length is not permitted. They should also take a number of additional steps to ensure security measures remain robust.

Some vendors may have implemented workarounds for the vulnerability when the researchers privately disclosed their attack in December 2019. As a result, users whose devices haven’t been updated after December 2019 are likely to be vulnerable, and devices updated since may have already been fixed.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/hacking/355774/nigerian-hackers-swindle-millions-of-dollars-from-unemployment-systems
hacking

Nigerian hackers swindle millions of dollars from unemployment systems

22 May 2020
Visit/security/hacking/355773/hackers-take-on-unsuspecting-airliners-exposing-customer-data
hacking

Hackers take on unsuspecting airliners, exposing customer data

22 May 2020
Visit/security/hacking/355749/hackers-targets-game-developers-with-advanced-malware
hacking

Hackers target game developers with advanced malware

21 May 2020
Visit/security/hacking/355738/security-service-of-ukraine-arrests-infamous-hacker-sanix
hacking

Security Service of Ukraine arrests infamous hacker Sanix

21 May 2020

Most Popular

Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

5 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/cloud/cloud-computing/355742/microsoft-launches-public-cloud-service-for-health-care
cloud computing

Microsoft launches public cloud service for health care

21 May 2020