Skip to main content

Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack

Bluetooth

Academics have disclosed today a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices.

The vulnerability, codenamed BIAS (Bluetooth Impersonation AttackS), impacts the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate, Bluetooth BR/EDR, or just Bluetooth Classic.

The BIAS attack

The BIAS security flaw resides in how devices handle the link key, also known as a long-term key.

This key is generated when two Bluetooth devices pair (bond) for the first time. They agree on a long-term key, which they use to derive session keys for future connections without having to force device owners to go through the long-winded pairing process every time the Bluetooth devices need to communicate.

Researchers said they found a bug in this post-bonding authentication process. The flaw can allow an attacker to spoof the identity o a previously paired/bonded device and successfully authenticate and connect to another device without knowing the long-term pairing key that was previously established between the two.

Once a BIAS attack is successful, the attacker can then access or take control of another Bluetooth Classic device.

The research team said they tested the attack against a wide range of devices, including smartphones (iPhone, Samsung, Google, Nokia, LG, Motorola), tablets (iPad), laptops (MacBook, HP Lenovo), headphones (Philips, Sennheiser), and system-on-chip boards (Raspberry Pi, Cypress).

bias-results.pngbias-results.png
Image: Antonioli et. al

"At the time of writing, we were able to test [Bluetooth] chips from Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All devices that we tested were vulnerable to the BIAS attack," researchers said.

"Because this attack affects basically all devices that 'speak Bluetooth,' we performed a responsible disclosure with the Bluetooth Special Interest Group (Bluetooth SIG) - the standards organisation that oversees the development of Bluetooth standards - in December 2019 to ensure that workarounds could be put in place," the team added.

In a press release published today, the Bluetooth SIG said they have updated the Bluetooth Core Specification to prevent BIAS attackers from downgrading the Bluetooth Classic protocol from a "secure" authentication method to a "legacy" authentication mode, where the BIAS attack is successful.

Vendors of Bluetooth devices are expected to roll out firmware updates in the coming months to fix the issue. The status and availability of these updates is currently unclear, even for the research team.

BIAS + KNOB

The academic team behind the BIAS attack includes Daniele Antonioli from the Swiss Federal Institute of Technology in Lausanne (EPFL), Kasper Rasmussen from the CISPA Helmholtz Center for Information Security in Germany, and Nils Ole Tippenhauer from the University of Oxford, thh UK.

They are the same team who discovered and disclosed the KNOB (Key Negotiation of Bluetooth) attack in the summer of 2019.

The research team said that if an attacker combines BIAS and KNOB, they can break the authentication even on Bluetooth Classic devices running in a secure authentication mode.

As such, Bluetooth-capable devices must receive patches against both the BIAS (CVE-2020-10135) and KNOB (CVE-2019-9506) attacks to be fully secure.

Additional details about the BIAS attack are available on the vulnerability's official website, in a research paper titled "BIAS: Bluetooth Impersonation AttackS" [PDF], or the video presentation below.

Labels:

Comments

Post a Comment

Popular posts from this blog

Why Now Is The Time For Industry To Unlock The Full Potential Of IoT

When British technologist Kevin Ashton coined the phrase “internet of things” (IoT) in 1999, the world was only just getting acquainted with the nascent network of networks and how to access and use its many applications. In the more than two decades since, it has grown increasingly difficult to imagine a world in which our economies and communities were not supported and connected via the World Wide Web and the devices we use to access it. The number of firms that have incorporated IoT technologies into their businesses grew from 13% in 2014 to about 25% globally in 2019. In countries such as the United States, Germany, France and China, the rate of IoT adoption among enterprise-size commercial organizations exceeded 85%, according to a 2019 survey by Microsoft. And recent analyses from IDC predicted there will be 41.6 billion internet-connected devices by 2025, as worldwide commercial and consumer spending on IoT will exceed $1 trillion within the next three years. But the diffusion ...
Post a Comment
Read more

Programming language Rust: 5 years on from v1.0, here's the good and the bad news

The open-source project behind Rust has detailed the programming language's milestones over the past five years since releasing Rust version 1.0.  Rust was created at Mozilla and the project boasts that today, "Apple, Amazon, Dropbox, Facebook, Google, and Microsoft [are] choosing to use Rust for its performance, reliability, and productivity in their projects." "Rust is a general-purpose programming language empowering everyone to build reliable and efficient software. Rust can be built to run anywhere in the stack, whether as the kernel for your operating system or your next web app," the project says in a blogpost detailing milestones since 2015. Mozilla developers were using pre-1.0 Rust in 2014 to build its new Servo browser rendering engine for Firefox. A major goal was to eradicate memory-related security bugs in Firefox's Gecko rendering engine, many of which were due to C++'s "unsafe memory model".  Then last year, Microsoft started ex...
Post a Comment
Read more