Bluetooth pairing flaw exposes devices to BIAS attacks

Bluetooth SIG has been forced to update the core specification after researchers reveal a severe flaw in BR/EDR pairing

Bluetooth-enabled devices including smartphones, laptops, tablets and Internet of Things (IoT) devices are vulnerable to attack due to fundamental flaws in the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) configuration.

The Bluetooth Special Interest Group (SIG) has been forced to update its specification after academics disclosed the vulnerability in the way connections are made between devices using BR/EDR. This configuration is also known as Bluetooth Classic.

Bluetooth Impersonation Attacks (BIAS) can be triggered after two devices have been paired, with hackers able to exploit the flaw to break security mechanisms and impersonate a device towards the host. This is according to research published by academics.

The flaw lies in the way two devices handle the long-term key that establishes their connection. This key is generated when two Bluetooth devices bond for the first time, and it is used to derive keys for future connections so that device owners don't have to repeat the same arduous pairing process.

The BIAS attack was tested on more than 28 unique Bluetooth chips manufactured by a wide range of companies including Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All 30 devices tested by the academics were vulnerable.

Following initial bonding, hackers can fake the identity of previously paired devices and successfully connect without having to know the long-term pairing key that was established. From here, they can access data from a targeted device or take control of one.

BIAS can also be combined with other attacks, such as the Key Negotiation of Bluetooth (KNOB) attack, which was disclosed last year by the same research team. KNOB can be deployed to force participants in a Bluetooth key exchange to use an encryption key with just one byte of entropy, meaning hackers can successfully brute-force the key. From there, they're able to intercept data being passed between devices.

“The BIAS attacks are the first uncovering issues related to Bluetooth’s secure connection establishment authentication procedures, adversarial role switches, and Secure Connections downgrades,” said authors Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen. 

“The BIAS attacks are stealthy, as Bluetooth secure connection establishment does not require user interaction. The BIAS attacks are at the architectural level of Bluetooth, thus all standard-compliant Bluetooth devices are a potential target.”

Bluetooth SIG, which oversees the Bluetooth standard, said it’s updating the Bluetooth Core Specification to clarify when role switches are permitted, to require mutual authentication, and to recommend checks for encryption types to avoid a downgrade of secure connections.

These changes will be introduced in a future specification revision, though until that occurs, the organisation has strongly recommended that vendors ensure the reduction of the encryption key length is not permitted. They should also take a number of additional steps to ensure security measures remain robust.
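
A host-side policy check that applies the mitigations described above (restricted role switches, mutual authentication, a Secure Connections downgrade check and no key-length reduction) to one reconnection from a bonded device. This is an added example, not code from the Bluetooth SIG, the researchers or any vendor; the struct, its field names, the 16-octet threshold and the rule that a role switch must wait until authentication completes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical summary of one reconnection from a bonded BR/EDR peer.
 * Field names are illustrative and not taken from any real stack. */
struct link_state {
    bool bonded_with_sc;          /* bond was created with Secure Connections */
    bool session_uses_sc;         /* this session negotiated Secure Connections */
    bool peer_proved_key;         /* peer proved it holds the long-term key */
    bool we_proved_key;           /* we proved it to the peer (mutual auth) */
    bool role_switch_before_auth; /* role switch happened before auth finished */
    uint8_t enc_key_octets;       /* negotiated encryption key size, 1..16 */
};

enum verdict { LINK_OK, REJECT_ROLE_SWITCH, REJECT_NO_MUTUAL_AUTH,
               REJECT_SC_DOWNGRADE, REJECT_SHORT_KEY };

/* Assumption: "no reduction" means the full 16-octet BR/EDR key size. */
#define REQUIRED_KEY_OCTETS 16

enum verdict check_link(const struct link_state *s)
{
    if (s->role_switch_before_auth)
        return REJECT_ROLE_SWITCH;      /* assumed policy: auth comes first */
    if (!s->peer_proved_key || !s->we_proved_key)
        return REJECT_NO_MUTUAL_AUTH;   /* one-sided auth is not enough */
    if (s->bonded_with_sc && !s->session_uses_sc)
        return REJECT_SC_DOWNGRADE;     /* bond was SC, session is legacy */
    if (s->enc_key_octets < REQUIRED_KEY_OCTETS)
        return REJECT_SHORT_KEY;        /* entropy reduction refused */
    return LINK_OK;
}

int main(void)
{
    /* Constructed sample sessions, not captured traffic. */
    struct link_state samples[] = {
        { true, true,  true, true,  false, 16 },
        { true, true,  true, false, true,  16 },
        { true, false, true, true,  false, 16 },
        { true, true,  true, true,  false, 1  },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("session %zu -> verdict %d\n", i, check_link(&samples[i]));
    return 0;
}
```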

Some vendors may have implemented workarounds for the vulnerability when the researchers privately disclosed their attack in December 2019. As a result, users whose devices haven’t been updated after December 2019 are likely to be vulnerable, and devices updated since may have already been fixed.
