Categories: NewsTech

PSA: Your modern Bluetooth devices are at risk to new BIAS vulnerability

New research at the École Polytechnique Fédérale de Lausanne (EPFL) has brought up some worrying news. According to an official statement, experts described a new security vulnerability for devices that have support for the Bluetooth Classic protocol—which is basically every mobile device.

The vulnerability, named as BIAS (Bluetooth Impersonation AttackS), requires a malicious party (or their device) to be within close range of a victim’s device. This can result in perpetrators accessing and controlling victims’ devices.

But the issue isn’t limited to smartphones. While smartphones from major manufacturers like Apple, Samsung, Google, Nokia, and Motorola were tested, the report also states that tablets, laptops, headphones, and even SoC boards like the Raspberry Pi are at risk.

How does BIAS work?

The BIAS vulnerability works by taking advantage of a bug in the authentication process between devices. When Bluetooth-enabled devices communicate for the first time, a long-term key is generated. This key is then used for any subsequent interactions between the devices, which allows users to skip the cumbersome pairing process again.

During the authentication process, researchers say that attacking devices can spoof the address of a previously-paired device. Despite the lack of the long-term key, the connection is then completed. Once the attack is successful, perpetrators can then access, and even take control of victims’ devices.

SOURCE: Bluetooth.com

According to an official statement on Bluetooth.com:

“For this attack to be successful, an attacking device would need to be within wireless range of a vulnerable Bluetooth device that has previously established a BR/EDR bonding with a remote device with a Bluetooth address known to the attacker. For devices supporting Secure Connections mode, the attacker claims to be the previously paired remote device but with no support for Secure Connections.”

How to protect yourself

The Bluetooth Special Interest Group (SIG) is in the process of updating protocols so that authentication is required on both sides, even with legacy authentications. Checks will also be implemented to avoid dangerous encyrption downgrades—however, these changes will only be available in the future.

In the meantime, the group has advised vendors to implement several changes to protect users against BIAS:

“Bluetooth SIG is strongly recommending that vendors ensure that reduction of the encryption key length below 7 octets is not permitted, that hosts initiate mutual authentication when performing legacy authentication, that hosts support Secure Connections Only mode when this is possible, and that the Bluetooth authentication not be used to independently signal a change in device trust without first requiring the establishment of an encrypted link.”

For now, it’s advisable to be careful when receiving Bluetooth requests from devices that claim to be previously trusted. Be sure to only authenticate and communicate with trusted Bluetooth devices that you know to be genuine.

For the full report, you can click here. Read Bluetooth SIG’s full statement here.

[ SOURCE , 2 ]

Recent Posts

Vivo X200 series launching in Malaysia on 19th November 2024, pre-orders now open

Vivo has announced that it will be launching the Vivo X200 series in Malaysia on…

2 days ago

Samsung Galaxy A16 5G launched in Malaysia with 6 years of software updates

Samsung has just launched its latest budget-oriented smartphone, the Galaxy A16 5G here in Malaysia.…

2 days ago

Hold on a minute! Is Yes 5G giving you cashback to lower the cost of your iPhone 16?

This post is brought to you by Yes 5G. If you’ve been eyeing the latest…

2 days ago

RedMagic 10 Pro: Snapdragon 8 Elite powered gaming smartphone with huge 7,050mAh battery

Not too long after launching the RedMagic 9S Pro in Malaysia, the gaming brand under…

3 days ago

Oppo Find X8 and X8 Pro are the first global smartphones powered by MediaTek Dimensity 9400

The Oppo Find X8 series will be launching globally on 21st November 2024 and Malaysia…

3 days ago

Kia to introduce EVs priced below RM160K for emerging markets

During the recent 2014 Kia EV Day APAC, the Korean carmaker unveiled four new electric…

3 days ago

This website uses cookies.