Researchers found a new Bluetooth bug that allows hackers to impersonate a trusted device

guest · May 19, 2020

Researchers found a new Bluetooth bug that allows hackers to impersonate a trusted device
Billions of Bluetooth devices are affected
May 19, 2020
https://www.techspot.com/news/85288...bluetooth-bug-allows-hackers-impersonate.html

In brief: A newly-discovered flaw in the Bluetooth protocol makes it possible for hackers to fool your mobile devices into connecting to a new device by mimicking a previously trusted device. While this likely affects most Bluetooth devices you might own, manufacturers only need to make relatively small changes to mitigate the risks.

The attack method, dubbed Bluetooth Impersonation Attacks or (BIAS), is related to Bluetooth Classic which supports two types of wireless data transfer between devices: Basic Rate (BR) and Enhanced Data Rate (EDR).
On a more positive note, for BIAS to be a viable option the attacker must bring their device within range of yours.

The vulnerability allows hackers to use that information to impersonate either a slave or a master device, meaning they can both read information from the target device or transmit data to it. And this is achieved by mimicking a previously trusted device and claiming to support only unilateral authentication, which is the lowest level of Bluetooth security.
Click to expand...

Researchers note that these attacks can be combined with others such as KNOB, and they can be easily performed using low-cost equipment such as a Raspberry Pi.
In light of the findings, Bluetooth SIG introduced a number of changes to the Bluetooth core specification [...]
Click to expand...

Bluetooth SIG Statement Regarding the Bluetooth Impersonation Attacks (BIAS) Security Vulnerability

BIAS: Bluetooth Impersonation AttackS
(PDF): https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf

Log in or Sign up

Researchers found a new Bluetooth bug that allows hackers to impersonate a trusted device

guest Guest

Log in or Sign up

Researchers found a new Bluetooth bug that allows hackers to impersonate a trusted device

guest Guest

Useful Searches