Critical Bluetooth Vulnerability Lets Hackers Compromise Billions of Devices

University researchers have found a security vulnerability in Bluetooth technology that allows an attacker to impersonate the identity of a device the user originally paired with, without possessing the link key that was used for pairing.

Bluetooth is a wireless technology, and this flaw can be used to trick users’ mobile phones, tablets, and computers into connecting with untrusted devices as if the user had accepted and trusted the connection.

In general, vulnerabilities in wireless protocols are particularly dangerous: first, the protocols are used in billions of devices, and second, they carry all kinds of sensitive information.

The vulnerability affects practically all Bluetooth devices that have not been updated recently, and it has been assigned the CVE ID CVE-2020-10135.

The vulnerability was found in an investigation in which several security experts from Oxford, Germany, and the École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland participated; they have named it ‘BIAS’ (Bluetooth Impersonation Attacks).

The attack relies on the fact that Bluetooth devices do not repeat all the necessary checks on later connections once those checks have been carried out the first time two devices connect. The Bluetooth SIG was informed of this security hole in December 2019, and since then device and software manufacturers have been releasing updates to fix it.

How BIAS works

The security experts report that an attacker can spoof the address previously associated with a paired device to complete the authentication process without using the link key, and can then carry out a Key Negotiation of Bluetooth (KNOB) attack.

In short, the spoofing attack is possible if the attacker has previously established a connection to the victim’s device or knows the address of an already paired device.

The flaw lies in how Bluetooth manages the keys of already paired devices. Those keys are used to establish a secure connection between the two devices whenever it is needed, without the user having to pair them manually every time they are used.

For example, you may notice that when you connect two devices via Bluetooth for the first time, such as your smartphone and wireless headphones, the connection takes longer, but on later occasions the process is much faster.

This way, we don’t have to wait every time we use our wireless headphones or any other device, as shown in the diagram above.

Moreover, security experts have reported, “once two devices have been connected for the first time, the flaw allows an attacker to steal the identity of the connected devices without the initial key from which the keys are generated for each connection.”

Once connected, the attacker gains access to the victim’s device and can carry out further attacks, such as requesting files stored on the phone.

Security experts: It’s a serious flaw

The Bluetooth SIG says it has updated the Bluetooth specification to address the flaw and recommends that devices check the encryption type used on a connection, to avoid a downgrade to the older, less secure encryption. This last change will be introduced in the next version of the specification.

Manufacturers that use Bluetooth in their devices will now have to distribute firmware updates in the coming months to fix the problem, which will be easier in some cases than in others. Judging by similar cases in the past, millions of devices are expected to be left without an update.

Moreover, the security researchers stated that “this security flaw is not the first to occur in Bluetooth. In general, Bluetooth is a technology that is used globally in all kinds of devices like mobile phones, smartwatches, headphones, and much more.”

They also added, “the information that is transferred by them is not always trivial, as if you get access to a Bluetooth keyboard, then you can collect information from the computer or infect it with malware.”

CVSS Metrics

Group          Score   Vector
Base           4.8     AV:A/AC:L/Au:N/C:P/I:P/A:N
Temporal       4.8     E:ND/RL:ND/RC:ND
Environmental  4.8     CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
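The vectors in the table use the CVSS v2 notation (the Au, CDP and TD metrics exist only in v2). The following scorer, added here as an example and not part of the original article, reproduces the three 4.8 scores from those vector strings using the published CVSS v2.0 metric weights, so a reader can check a reported score rather than take it on trust. It also scores arbitrary v2 vectors, not just the ones on the page.

```python
"""CVSS v2.0 base, temporal and environmental scoring.

Added example, not part of the original article. Metric weights are the
published CVSS v2.0 values; the vector strings used below are the ones
printed in the article's table.
"""

# CVSS v2.0 metric weights.
BASE_WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}
TEMPORAL_WEIGHTS = {
    "E": {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0},
    "RL": {"OF": 0.87, "TF": 0.9, "W": 0.95, "U": 1.0, "ND": 1.0},
    "RC": {"UC": 0.9, "UR": 0.95, "C": 1.0, "ND": 1.0},
}
ENV_WEIGHTS = {
    "CDP": {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0},
    "TD": {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0},
    "CR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},
    "IR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},
    "AR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},
}

# Vectors copied from the article's CVSS table.
BASE_VECTOR = "AV:A/AC:L/Au:N/C:P/I:P/A:N"
TEMPORAL_VECTOR = "E:ND/RL:ND/RC:ND"
ENV_VECTOR = "CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND"


def parse_vector(vector):
    """Split 'AV:A/AC:L/...' into a dict of metric name -> value."""
    metrics = {}
    for part in vector.split("/"):
        name, _, value = part.partition(":")
        if not value:
            raise ValueError(f"malformed metric: {part!r}")
        metrics[name] = value
    return metrics


def round1(x):
    """CVSS v2 rounds every score to one decimal place, half away from zero."""
    return int(x * 10 + 0.5) / 10


def _impact(m, cr=1.0, ir=1.0, ar=1.0):
    # CR/IR/AR are the environmental requirement multipliers (1.0 outside env scoring).
    c = BASE_WEIGHTS["C"][m["C"]] * cr
    i = BASE_WEIGHTS["I"][m["I"]] * ir
    a = BASE_WEIGHTS["A"][m["A"]] * ar
    return min(10.0, 10.41 * (1 - (1 - c) * (1 - i) * (1 - a)))


def _exploitability(m):
    return 20 * BASE_WEIGHTS["AV"][m["AV"]] * BASE_WEIGHTS["AC"][m["AC"]] * BASE_WEIGHTS["Au"][m["Au"]]


def _base_from_parts(impact, exploitability):
    f_impact = 0.0 if impact == 0 else 1.176
    return round1(((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact)


def _temporal_multiplier(t):
    return TEMPORAL_WEIGHTS["E"][t["E"]] * TEMPORAL_WEIGHTS["RL"][t["RL"]] * TEMPORAL_WEIGHTS["RC"][t["RC"]]


def base_score(base_vector):
    m = parse_vector(base_vector)
    return _base_from_parts(_impact(m), _exploitability(m))


def temporal_score(base_vector, temporal_vector):
    t = parse_vector(temporal_vector)
    return round1(base_score(base_vector) * _temporal_multiplier(t))


def environmental_score(base_vector, temporal_vector, env_vector):
    m, t, e = parse_vector(base_vector), parse_vector(temporal_vector), parse_vector(env_vector)
    # The adjusted temporal score re-weights impact by the CR/IR/AR requirements.
    adj_impact = _impact(m, ENV_WEIGHTS["CR"][e["CR"]], ENV_WEIGHTS["IR"][e["IR"]], ENV_WEIGHTS["AR"][e["AR"]])
    adj_temporal = round1(_base_from_parts(adj_impact, _exploitability(m)) * _temporal_multiplier(t))
    cdp, td = ENV_WEIGHTS["CDP"][e["CDP"]], ENV_WEIGHTS["TD"][e["TD"]]
    return round1((adj_temporal + (10 - adj_temporal) * cdp) * td)


if __name__ == "__main__":
    print("Base:         ", base_score(BASE_VECTOR))
    print("Temporal:     ", temporal_score(BASE_VECTOR, TEMPORAL_VECTOR))
    print("Environmental:", environmental_score(BASE_VECTOR, TEMPORAL_VECTOR, ENV_VECTOR))
```

All three functions return 4.8 for the article's vectors: the "ND" (not defined) temporal and environmental metrics all carry a multiplier of 1.0 (and CDP:ND a weight of 0), so they leave the base score unchanged, which is why the table shows the same number three times.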

This flaw has been patched since December 2019

All devices that have received a security patch after December 2019 are protected; those that have not are still vulnerable. To fix the flaw, the security researchers recommend that manufacturers not reduce the length of the encryption key below 7 octets.
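The two mitigations the article relays (check the encryption type used on a reconnection so it cannot be downgraded to the older, weaker mode, and never accept an encryption key shorter than 7 octets) can be expressed as a reconnection policy. The model below is an added example, not code from the article, the researchers or any Bluetooth stack: the bond record layout, the mode names ("legacy", "secure_connections") and the check_reconnect function are assumptions chosen for illustration, and the bond table and offers are constructed sample data.

```python
"""Reconnection policy modelling two mitigations mentioned in the article.

Added example, not the article's or any Bluetooth stack's code. The record
layout, mode names and function are assumptions for illustration only.
"""
from dataclasses import dataclass

MIN_KEY_OCTETS = 7  # floor recommended in the article: never below 7 octets

# Security modes ranked so that a lower rank is a downgrade (hypothetical names).
MODE_RANK = {"legacy": 0, "secure_connections": 1}


@dataclass(frozen=True)
class BondRecord:
    """What a host remembers about a device it paired with once (constructed)."""
    address: str
    mode: str         # security mode negotiated at first pairing
    key_octets: int   # encryption key size negotiated at first pairing


@dataclass(frozen=True)
class ReconnectOffer:
    """What the remote side proposes on a later reconnection (constructed)."""
    address: str
    mode: str
    key_octets: int


def check_reconnect(bonds, offer, min_key_octets=MIN_KEY_OCTETS):
    """Decide whether a reconnection offer is acceptable.

    Returns (accepted, reason). Refuses addresses with no stored bond, any
    security mode weaker than the one the bond was created with, and any
    encryption key shorter than the configured floor.
    """
    bond = bonds.get(offer.address)
    if bond is None:
        return False, "no bond stored for this address; full pairing required"
    if offer.mode not in MODE_RANK:
        return False, f"unknown security mode {offer.mode!r}"
    if MODE_RANK[offer.mode] < MODE_RANK[bond.mode]:
        return False, f"downgrade from {bond.mode} to {offer.mode} refused"
    if offer.key_octets < min_key_octets:
        return False, f"key size {offer.key_octets} below minimum of {min_key_octets} octets"
    return True, "accepted"


# Constructed bond table: one device paired with Secure Connections, one with legacy.
BONDS = {
    "AA:BB:CC:00:00:01": BondRecord("AA:BB:CC:00:00:01", "secure_connections", 16),
    "AA:BB:CC:00:00:02": BondRecord("AA:BB:CC:00:00:02", "legacy", 16),
}

# Constructed offers covering the accept and reject paths.
SAMPLE_OFFERS = [
    ReconnectOffer("AA:BB:CC:00:00:01", "secure_connections", 16),  # accepted
    ReconnectOffer("AA:BB:CC:00:00:01", "legacy", 16),              # mode downgrade
    ReconnectOffer("AA:BB:CC:00:00:02", "legacy", 1),               # key too short
    ReconnectOffer("AA:BB:CC:00:00:02", "legacy", 7),               # accepted, at the floor
    ReconnectOffer("AA:BB:CC:00:00:99", "secure_connections", 16),  # no bond
]


def evaluate_samples():
    """Run the policy over the constructed offers and return the decisions."""
    return [check_reconnect(BONDS, offer) for offer in SAMPLE_OFFERS]


if __name__ == "__main__":
    for offer, (ok, reason) in zip(SAMPLE_OFFERS, evaluate_samples()):
        print(f"{offer.address} {offer.mode:<18} {offer.key_octets:>2} octets -> {'OK ' if ok else 'REJ'} {reason}")
```

The point of the model is that the decision is taken against what the host itself recorded at pairing time, not against whatever the remote side claims on reconnection; a device that only trusts the offer has nothing to compare against and cannot notice a downgrade.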

In this investigation, the security researchers tested the flaw on 30 different devices, including mobile phones, tablets, headsets, computers, and even a Raspberry Pi, and concluded that all of them are vulnerable. You can also read the vulnerability notes here.

So, what do you think about this? Share all your views and thoughts in the comment section below.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.