A New Vulnerability Targets Smartphones, Laptops, and Other Bluetooth-enabled Devices

A new vulnerability has been discovered in the Bluetooth wireless protocol. Bluetooth chips are present in a large number of devices, including laptops, smartphones, tablets, and select IoT devices, because the protocol facilitates communication between devices and enables several features, including the ability to stream audio, transfer files, or modify settings on one device from another.

The vulnerability has been named BIAS (Bluetooth Impersonation AttackS) and affects the classic version of the Bluetooth protocol, which is also known as Bluetooth BR/EDR or Bluetooth Classic.

Attack vector

BIAS attacks rely on the manner in which a device handles the link key. This key is generated when two devices are paired for the first time and ensures that they will be able to reconnect later without repeating the pairing process every time.

A bug in the post-bonding authentication process allows an attacker to spoof the identity of an older device that was connected or paired with the target device in the past. By harnessing the bug, the attacker can fool the target device into validating the connection request without the need to learn the long-term key that was established in the past.

An infected device becomes a nexus

Once a successful connection has been established, the attacker will gain the ability to target other devices or collect valuable data from the current one.

The security researchers who explored the vulnerability stated that it was tested against a significant number of devices, including smartphones made by Apple, Samsung, Google and LG, laptops, tablets, and even headphones.

The Bluetooth Special Interest Group, the organization that oversees the development requirements for the popular standard, was notified about the vulnerability in December 2019. In a recent press release, the organization stated that the Bluetooth Core Specification has been patched to prevent attackers from downgrading the Bluetooth Classic protocol to a vulnerable legacy authentication method, which facilitates BIAS attacks.
