Posted on 05-19-2020.
A group of cybersecurity researchers has disclosed a severe security vulnerability in Bluetooth (the BR/EDR, or "Classic", variant of the protocol) that can enable an attacker to impersonate any previously paired Bluetooth master or slave device. The so-called Bluetooth Impersonation AttackS, or BIAS, were jointly described in a paper published on May 18 by Daniele Antonioli from École Polytechnique Fédérale de Lausanne, Kasper Rasmussen from the University of Oxford, and Nils Ole Tippenhauer from the CISPA Helmholtz Center for Information Security.
“This is an issue because, while pairing, the victim devices establish a long-term key that should protect them against impersonation attacks. However, with the BIAS attacks, we can bypass being asked to prove possession of such a key and impersonate any target device, including laptops, smartphones, headsets, and IoT devices,” Antonioli explained.

The research showed that during a BIAS attack the attacker can obtain all sorts of data, depending on which device it is impersonating. “If the attacker impersonates a laptop to a smartphone and the victim sends a file containing sensitive information from the smartphone to the impersonated laptop, then the attacker gets access to that sensitive file,” Antonioli said.

The researchers noted that their analysis was conducted in December 2019 and warned that devices that have not been updated since then are likely still exposed to this kind of attack.
Is There a Way to Protect User Devices?

To further elaborate on the matter, forklog.media contacted a senior software engineer and system architect, who chose to remain anonymous for corporate reasons. They suggested that, at this point, the only practical way to protect user devices from such attacks is to turn Bluetooth off while outside the physical bounds of a trusted environment. They noted that this only helps if the device manufacturer actually powers the Bluetooth radio down when given the corresponding command, rather than merely hiding it in software.
“There are also hypothetical options to establish stricter constraints on Bluetooth connectivity, but a quick glance through the Bluetooth-capable devices at hand confirmed my initial suspicion that those are not supported,” the source added.

Antonioli stated that the paper proposes a number of countermeasures, including mandatory mutual authentication and enforcement of strong security modes, and further said:
“Unfortunately, updating a document does not mean that all devices implementing that document are safe. Large-scale protection against the BIAS attacks is hard to realize in practice as it requires patching billions of devices. As we've already seen with the KNOB [Key Negotiation of Bluetooth] attack, most devices are not going to receive any patch or cannot be even patched remotely.”
The anonymous source was less certain that vendors would act on such changes: “Now, whether any company would actually care enough to implement the necessary security updates? With major companies, such as Apple, Google/Alphabet, Intel and Microsoft, this shouldn’t be an issue: generally, fixes such as the one in question are routinely implemented as a matter of course, and most large corporations could also well be expected to conduct themselves in a similar vein. As for other, smaller companies outside of the giants’ ecosystems, it would really depend on the economic impact and on the weight of public outreach for such.”

Meanwhile, Bluetooth-focused attacks have gained a certain popularity among bad actors, and some go beyond stealing personal information to putting people’s health at risk. For example, Matt Wixey, research lead for the PwC UK Cyber Security practice, showed that an attacker who can reach the speaker and volume controls of various devices over Bluetooth can use them to produce sounds at extreme volumes that could harm an individual’s hearing or health.

Written by Ana Alexandre