A Bluetooth fault can leave your phone at risk, and this vulnerability is seen across all devices. Researchers have found a vulnerability named Bluetooth Impersonation Attack (BIAS) that could allow someone to gain access to a target device (such as a smartphone or laptop) by impersonating the identity of a previously paired device. The researchers found the vulnerability in December 2019 and reported it to the Bluetooth Special Interest Group (Bluetooth SIG), the standards organization that oversees Bluetooth. However, the problem has not yet been completely resolved: the Bluetooth SIG has “encouraged” fixes from manufacturers and recommended that users install the latest updates for their devices.
The research team said the attack was tested against a variety of devices, including smartphones from manufacturers such as Apple, Samsung, Google, Nokia, LG and Motorola, laptops from HP and Lenovo and the Apple MacBook, devices from Philips and Sennheiser, as well as the iPad. They tried a BIAS attack on 31 Bluetooth devices with 28 unique Bluetooth chips from Apple, Qualcomm, Intel, Cypress, Broadcom and others. All of the 31 attacks were successful. “Our attacks allowed the installation of Bluetooth master and slave devices and to establish a secure connection without knowing the long-term key shared between the victim and the impersonated device,” the researchers said. They said that the Bluetooth standard, as exploited in this attack, lacks integrity protection, encryption and mutual authentication.
What is BIAS?
Researchers Daniele Antonioli, Kasper Rasmussen and Nils Ole Tippenhauer noted that BIAS is a vulnerability found in the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) wireless technology, also known as Bluetooth Classic. This technology is the standard for wireless personal area networks. A Bluetooth connection usually involves a connection between a host and a client device. When two devices are paired for the first time, a key or address is generated, which allows later Bluetooth connections between the two devices to be seamless. Although Bluetooth provides standard security features and protection against manipulation of information, a BIAS attack can impersonate this key or address and connect to a device without the need for authentication, because the attacker appears to be a device that was paired before.
Once connected, the attacker can gain access to the target device over a Bluetooth connection. This in turn can open many possibilities for any type of malicious attack on the device targeted by BIAS. Additionally, the researchers stated that since the attack is standard-compliant, it is effective against both legacy secure connections and secure connections, meaning that all devices are vulnerable to the attack.
However, for this attack to be successful, the attacker's device must be within wireless range of a vulnerable Bluetooth device that has previously established a BR/EDR bonding with a remote device whose Bluetooth address is known to the attacker, the Bluetooth SIG noted.
What can users do?
According to the GitHub page for the BIAS attack, the vulnerability was reported in December 2019 to the Bluetooth Special Interest Group (Bluetooth SIG), the organization overseeing the development of the Bluetooth standard. At the time of disclosure, the research team had tested chips from Cypress, Qualcomm, Apple, Intel, Samsung and CSR, and found that all these devices were vulnerable to the BIAS attack. The researchers said that some vendors may have implemented workarounds on their devices, so a device that has not been updated since December 2019 may be unsafe.
The Bluetooth SIG also issued a statement in response to this vulnerability and said that it is working on a remedy. The Bluetooth SIG is updating the Bluetooth Core Specification to clarify when role switches are allowed, to require mutual authentication in legacy authentication, and to recommend checks for encryption-type to avoid a downgrade of secure connections to legacy encryption. These changes will be introduced in future specification amendments, it said.
It added, “Bluetooth SIG is informing our member companies in detail about this vulnerability and its treatment and encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure that they have installed the latest recommended updates from the device and operating system manufacturers.”