Most Bluetooth Devices Vulnerable to Impersonation Attacks

Vulnerabilities in the Bluetooth authentication process give attackers a way to insert rogue devices between two securely paired devices, academic researchers find.

Security researchers from three universities in Europe have found multiple weaknesses in the ubiquitous Bluetooth protocol that could allow attackers to impersonate a paired device and establish a secure connection with a victim.


Most standard Bluetooth devices are vulnerable to the issue, according to the researchers, who successfully tested a proof-of-concept attack they developed against 31 Bluetooth devices from major hardware and software vendors. Bluetooth chips from Apple, Intel, Qualcomm, Cypress, Broadcom, and others are all vulnerable to the attacks. Adversaries can impersonate any Bluetooth-enabled device from smartphones and laptops to IoT devices, the researchers say.


However, because an attacker would need to be physically close to a target and need to know certain information about the target, the likelihood of mass or random drive-by attacks is low, according to some security experts.


The three researchers who discovered the issue are: Daniele Antonioli, from the Swiss Federal Institute of Technology, Lausanne (EPFL); Nils Ole Tippenhauer from the CISPA Helmholtz Center for Information Security in Germany; and Kasper Rasmussen from the University of Oxford's computer science department.


The researchers say Bluetooth impersonation attacks are possible because of vulnerabilities in the standard, including the lack of a mandatory mutual authentication mechanism, overly permissive role switching, and inadequate protections against encryption downgrades when two devices are securely paired. "The [issues] are at the architectural level of Bluetooth, thus all standard compliant Bluetooth devices are a potential target," the researchers said in a technical paper.


They described the vulnerabilities as allowing an attacker to essentially i ..
