BlueRepli attack lets hackers bypass Bluetooth authentication on Android

BlueRepli attack lets hackers bypass Bluetooth authentication on Android

The findings were shared by researchers at the Black Hat USA 2020 virtual event.


There is probably no such mobile device that doesn’t include a Bluetooth feature. Bluetooth is a short-range wireless connection feature that’s an integral element of modern-day cellphones. However, just like it happens with every other cellphone component, even Bluetooth technology has been a target of hack attacks now and then.


With attacks like BlueBorne, KNOB, or BadBlueTooth, cybercriminals have tried to exploit handheld devices to fulfill their nefarious objectives. Now, we can add another Bluetooth vulnerability to this list- BlueRepli.


See: Google VP boycotts Black Hat 2020 because of its name


Security researchers Xin Xin and Sourcell Xu from California-based cybersecurity firm DBAPPSecurity disclosed two new Bluetooth attacks at the Black Hat USA 2020 virtual event held on 5th August.


 


One of the attacks is dubbed BlueRepli, through which an attacker can bypass Bluetooth authentication on Android devices without detection or requiring any user input. Through BlueRepli, it is possible to steal sensitive data from an Android device, including call records, contacts, and SMS verification codes. Moreover, attackers can send fake SMS messages to the user’s contacts.


T ..