New security flaw affects nearly all Bluetooth devices

Ruben Fields
May 21, 2020

Academic researchers at the École Polytechnique Fédérale de Lausanne (EPFL), a research institute and university in Lausanne Switzerland, discovered a new vulnerability in the Bluetooth wireless protocol, which is used to interconnect modern devices like smartphones, laptops, IoT devices, and other smart devices.

You'll want to update the software and/or firmware on your Bluetooth device ASAP, although whether that fixes things depends on your device's manufacturer.

What's more, BIAS can be combined with other attacks, including the KNOB (Key Negotiation of Bluetooth) attack, which occurs when a third party forces two or more victims to agree on an encryption key with reduced entropy, thus allowing the attacker to brute-force the encryption key and use it to decrypt communications.

A group of academic researchers have discovered a new vulnerability in the Bluetooth wireless protocol that affects nearly all Bluetooth enabled devices.

The vulnerability as been named BIAS (Bluetooth Impersonation AttackS) and is focused on the classic version of the Bluetooth Protocol, which is also known as Bluetooth BR/EDR or Bluetooth Classic. By harnessing the bug, the attacker can fool the target device into validating the connection request without the need to learn the long-term key that was established in the past.

The research team said it disclosed the attack in December 2019, and since then, it is possible that some affected vendors have implemented workarounds for the vulnerability.

AstraZeneca to begin supply of Covid-19 vaccine in September
AstraZeneca said it had now finalised its licence agreement with Oxford University for the recombinant adenovirus vaccine. The pharmaceutical firm said it has secured the first agreements for at least 400 million doses of the vaccine.

"The BIAS attacks are the first uncovering issues related to Bluetooth's secure connection establishment authentication procedures, adversarial role switches, and Secure Connections downgrades", the research team concluded.

The BIAS security flaw leverages the way that devices handle link keys or long-term keys that are generated when two Bluetooth devices pair for the first time. "Our attacks target the standardized Bluetooth authentication procedure, and are therefore effective against any standard compliant Bluetooth device".

The Bluetooth SIG acknowledged the flaw, adding it has made changes to resolve the vulnerability. "For devices supporting Secure Connections mode, the attacker claims to be the previously paired remote device but with no support for Secure Connections".

As per the Github page of the BIAS assault, this vulnerability was identified to Bluetooth Special Interest Group (Bluetooth SIG) - the organisation that oversees the event of Bluetooth commonplace, in December 2019. However, on the time of disclosure, the analysis staff examined chips from Cypress, Qualcomm, Apple, Intel, Samsung, and CSR. Checks will also be implemented to avoid unsafe encyrption downgrades-however, these changes will only be available in the future. Bluetooth SIG is updating the Bluetooth Core Specification to make clear when function switches are permitted, to require mutual authentication in legacy authentication and to advocate checks for encryption-type to keep away from a downgrade of safe connections to legacy encryption.

It added, "The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers".

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER