Categories: NewsTech

PSA: Your modern Bluetooth devices are at risk to new BIAS vulnerability

New research at the École Polytechnique Fédérale de Lausanne (EPFL) has brought up some worrying news. According to an official statement, experts described a new security vulnerability for devices that have support for the Bluetooth Classic protocol—which is basically every mobile device.

The vulnerability, named as BIAS (Bluetooth Impersonation AttackS), requires a malicious party (or their device) to be within close range of a victim’s device. This can result in perpetrators accessing and controlling victims’ devices.

But the issue isn’t limited to smartphones. While smartphones from major manufacturers like Apple, Samsung, Google, Nokia, and Motorola were tested, the report also states that tablets, laptops, headphones, and even SoC boards like the Raspberry Pi are at risk.

How does BIAS work?

The BIAS vulnerability works by taking advantage of a bug in the authentication process between devices. When Bluetooth-enabled devices communicate for the first time, a long-term key is generated. This key is then used for any subsequent interactions between the devices, which allows users to skip the cumbersome pairing process again.

During the authentication process, researchers say that attacking devices can spoof the address of a previously-paired device. Despite the lack of the long-term key, the connection is then completed. Once the attack is successful, perpetrators can then access, and even take control of victims’ devices.

SOURCE: Bluetooth.com

According to an official statement on Bluetooth.com:

“For this attack to be successful, an attacking device would need to be within wireless range of a vulnerable Bluetooth device that has previously established a BR/EDR bonding with a remote device with a Bluetooth address known to the attacker. For devices supporting Secure Connections mode, the attacker claims to be the previously paired remote device but with no support for Secure Connections.”

How to protect yourself

The Bluetooth Special Interest Group (SIG) is in the process of updating protocols so that authentication is required on both sides, even with legacy authentications. Checks will also be implemented to avoid dangerous encyrption downgrades—however, these changes will only be available in the future.

In the meantime, the group has advised vendors to implement several changes to protect users against BIAS:

“Bluetooth SIG is strongly recommending that vendors ensure that reduction of the encryption key length below 7 octets is not permitted, that hosts initiate mutual authentication when performing legacy authentication, that hosts support Secure Connections Only mode when this is possible, and that the Bluetooth authentication not be used to independently signal a change in device trust without first requiring the establishment of an encrypted link.”

For now, it’s advisable to be careful when receiving Bluetooth requests from devices that claim to be previously trusted. Be sure to only authenticate and communicate with trusted Bluetooth devices that you know to be genuine.

For the full report, you can click here. Read Bluetooth SIG’s full statement here.

[ SOURCE , 2 ]

Recent Posts

ChargEV deploy EV chargers at 1 First Avenue and 8 First Avenue in Bandar Utama

Visitors and tenants at 1 First Avenue and 8 First Avenue can charge their EVs…

6 minutes ago

Gentari x MBPP turn on 120kW DC Charger near Maybank Tanjung Bungah

Gentari x MBPP continue to deploy more street-level EV chargers on the Island and the…

12 hours ago

Proton S70 revealed as the official Madani Taxi: A modern makeover for Malaysia’s taxi

Prime Minister Anwar Ibrahim has revealed the Proton S70 1.5T i-GT Premium which was launched…

17 hours ago

Not just for EVs: Malaysian taxis are getting the new JPJePlate

Two years ago, the Road Transport Department (JPJ) introduced the JPJePlate which sets the new…

22 hours ago

Why some ATMs are still charging RM1 for cash withdrawals despite the fee waiver

Effective 1st July 2026, Malaysians can make unlimited ATM cash withdrawals for free at over…

23 hours ago

JomCharge x DBKL turn on new 100kW DC Charger at Kuchai lama

JomCharge x DBKL continue to turn on more street-level EV charging locations in Kuchai Lama…

1 day ago

This website uses cookies.