Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic

Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.

The complex nature of Bluetooth continues to cause security problems for the low-powered, short-range wireless technology, with academic researchers releasing a parade of new attacks against the technology in the past few months.


On Sept. 9, the Bluetooth Special Interest Group (SIG) issued a statement regarding two papers released by university researchers that described ways of undermining the security of paired Bluetooth devices in specific circumstances. Last month at the Workshop on Offensive Technologies (WOOT) conference, a group of researchers from Purdue University also showed off several weaknesses that could allow attackers to spoof a device that had previously been paired using the Bluetooth Low Energy (BLE) protocol. And in May, researchers presenting at the IEEE Symposium on Security and Privacy showed off a similar attack that abuses a flaw in the specification to allow the impersonation of a paired device. 


The complexity of the Bluetooth ecosystem and the large number of implementations have made security hard to achieve, while the rise in easier-to-use Bluetooth auditing tools, such as the InternalBlue open source toolkit, has made it easier for vulnerability researchers to do their work, says Yossi Oren, a senior lecturer at Ben-Gurion University in Israel and a researcher in the school's Implementation Security Lab.


"It used to be difficult to research Bluetooth because the hardware was closed and tightly controlled," Oren says. "Recently it's been getting much easier to hack Bluetooth ... [because] you don't need any customer radio platform or special technical skills."


The three different attacks — dubbed the Bluetooth Low Energy Spoofing Attack (BLESA), the