Categories: NewsTech

PSA: Your modern Bluetooth devices are at risk to new BIAS vulnerability

New research at the École Polytechnique Fédérale de Lausanne (EPFL) has brought up some worrying news. According to an official statement, experts described a new security vulnerability for devices that have support for the Bluetooth Classic protocol—which is basically every mobile device.

The vulnerability, named as BIAS (Bluetooth Impersonation AttackS), requires a malicious party (or their device) to be within close range of a victim’s device. This can result in perpetrators accessing and controlling victims’ devices.

But the issue isn’t limited to smartphones. While smartphones from major manufacturers like Apple, Samsung, Google, Nokia, and Motorola were tested, the report also states that tablets, laptops, headphones, and even SoC boards like the Raspberry Pi are at risk.

How does BIAS work?

The BIAS vulnerability works by taking advantage of a bug in the authentication process between devices. When Bluetooth-enabled devices communicate for the first time, a long-term key is generated. This key is then used for any subsequent interactions between the devices, which allows users to skip the cumbersome pairing process again.

During the authentication process, researchers say that attacking devices can spoof the address of a previously-paired device. Despite the lack of the long-term key, the connection is then completed. Once the attack is successful, perpetrators can then access, and even take control of victims’ devices.

SOURCE: Bluetooth.com

According to an official statement on Bluetooth.com:

“For this attack to be successful, an attacking device would need to be within wireless range of a vulnerable Bluetooth device that has previously established a BR/EDR bonding with a remote device with a Bluetooth address known to the attacker. For devices supporting Secure Connections mode, the attacker claims to be the previously paired remote device but with no support for Secure Connections.”

How to protect yourself

The Bluetooth Special Interest Group (SIG) is in the process of updating protocols so that authentication is required on both sides, even with legacy authentications. Checks will also be implemented to avoid dangerous encyrption downgrades—however, these changes will only be available in the future.

In the meantime, the group has advised vendors to implement several changes to protect users against BIAS:

“Bluetooth SIG is strongly recommending that vendors ensure that reduction of the encryption key length below 7 octets is not permitted, that hosts initiate mutual authentication when performing legacy authentication, that hosts support Secure Connections Only mode when this is possible, and that the Bluetooth authentication not be used to independently signal a change in device trust without first requiring the establishment of an encrypted link.”

For now, it’s advisable to be careful when receiving Bluetooth requests from devices that claim to be previously trusted. Be sure to only authenticate and communicate with trusted Bluetooth devices that you know to be genuine.

For the full report, you can click here. Read Bluetooth SIG’s full statement here.

[ SOURCE , 2 ]

Recent Posts

This foldable smartphone redefines its segment with next-level design and performance

This post is brought to you by HUAWEI. In Q1 2024, HUAWEI captured an impressive…

13 hours ago

TM confirms staff and contractors involved in cable theft incident in Penang

Telekom Malaysia (TM) has acknowledged a cable theft incident in Tanjung Bungah, Penang involving their…

16 hours ago

Acer Revo Box Mini PC launched in Malaysia – 13th Gen Intel Core i5 & i7, priced from RM2,049

Acer has launched the Acer Revo Box Mini PC here in Malaysia. Offered in two…

18 hours ago

Proton e.MAS 7 EV supports wireless Android Auto, Apple CarPlay

One of the most common questions that we get whenever there is a new car…

18 hours ago

Samsung Galaxy S25 series launch happening on 22 January 2025?

As 2024 comes to an end, Samsung appears to be preparing for the launch of…

20 hours ago

Proton e.MAS 7 EV: Service schedule revealed, once a year or 20,000km

Proton e.MAS 7 is finally ready to make its mark in the local automotive market.…

1 day ago

This website uses cookies.