Bluetooth flaw exposes countless devices to BIAS attacks

Bluetooth flaw exposes countless devices to BIAS attacks

As many as 30 smartphones, laptops and other devices were tested – and all were found to be vulnerable



A team of researchers has unveiled a new vulnerability in the Bluetooth wireless communication protocol that exposes a wide range of devices, such as smartphones, laptops, and smart-home devices, to the so-called Bluetooth Impersonation AttackS (BIAS).


Since the attacks are made possible by the flaws in the Bluetooth Classics specification, any standard-compliant Bluetooth device can be expected to be vulnerable, according to Daniele Antonioli, Kasper Rasmussen, and Nils Ole Tippenhauer, who made the discovery and described their findings in a technical paper.


The researchers tested the security weakness on a variety of devices, including laptops, tablets, and smartphones from popular consumer brands that were equipped with different versions of the Bluetooth protocol. “We conducted BIAS attacks on more than 28 unique Bluetooth chips (by attacking 30 different devices). At the time of writing, we were able to test chips from Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All devices that we tested were vulnerable to the BIAS attack.”


Here’s the list of the devices tested:



Source: francozappa.github.io



BIAS attacks are the first type of attacks that were successfully able to bypass Bluetooth’s authentication procedures that take place during the establishment of a secure connection, said the team. The flaws that are exploited in the attacks include lack of integrity protection, encryption, and mutual authentication.


During the pairing of two devices, a long-term key is generat ..

Support the originator by clicking the read the rest link below.