Online cyber threats are like diseases: they’re everywhere and you never know when they hit. A recent proof comes from a new discovery of the Purdue University team – the Bluetooth Low Energy Spoofing Attack (BLESA) enters the scene. With this type of cyber attack, wrongdoers could send data to a vulnerable device and thus cause various malfunctions.
Oddly enough, Windows devices aren’t affected. Apple, on the other hand, has patched the flaw. But the researches claim that many Android devices were still susceptible as of June.
Billions of devices could be affected
The prevalence of Bluetooth Low Energy devices is not lean at all, as the researchers estimate that billions of Internet of Things (IoT) devices can be impacted.
“To ease its adoption, BLE requires limited or no user interaction to establish a connection between two devices,” the researchers wrote. “Unfortunately, this simplicity is the root cause of several security issues.”
The new study paper describes how easy it is for an attacker to launch a BLESA attack: there’s a threat actor, upon discovering the server where a BLE-enabled device is connected, and it pairs with it for obtaining its attributes. The BLE protocol allows any device to connect with another BLE device to get the info.
“The client and the server may choose to disable [authentication] for a specific attribute,” say the researchers. “Therefore, in the case of the basic attribute, the confidentiality, integrity and authenticity goals of the attribute-access request and response can be violated.”
Feel old yet? There are countless ways to be a cyber thief online. However, we don’t encourage any of such kind of behaviors and we never will. The best way to stay protected is not to equip your device with a strong antivirus – it’s your own awareness.