Billions of devices are vulnerable to hacking due to Bluetooth
Billions of devices are vulnerable to hacking due to Bluetooth

University researchers at the Applied Arts School in Lausanne (EPFL) have revealed security holes in the Bluetooth technology that allow attackers to counterfeit dual devices and infect billions of modern devices.

These attacks are referred to as (Bluetooth Analog Attack) or (BIAS) and refer to Bluetooth technology that supports basic throughput (BR) and extended data transfer rate (EDR) for wireless data transmission between home devices.

The researchers said in a report that Bluetooth specifications contain vulnerabilities that can simulate attacks during a secure connection, including the lack of mandatory mutual authentication and simplified authentication procedures.

Given the widespread impact of these vulnerabilities, the researchers said they shared the results with the SIG Group, which is responsible for monitoring the development of Bluetooth standards.

The GIS group identified these vulnerabilities and said it had made changes to address security concerns and said: "These changes will be incorporated into a review of future specifications."

For the BIAS attack to succeed, the attacking device must be within the wireless range of the pre-reconnected attacking Bluetooth device (BR / EDR) to another Bluetooth device, the attacker knows his address.

The error is caused by the way two previously paired devices interact with a long-range key (also known as a key), which is used to authenticate each other's devices and activate a secure connection between them.

Cookies also ensure that users do not have to pair devices every time data is transmitted between the wireless headset and the phone, or between two laptop computers.

An attacker could use the error to request a connection to the attacking device by forging the other party's Bluetooth address, and vice versa. This means that another device is emulated without a key and fully accessible to establish the connection.

BIAS attacks can be used in combination with other attacks (including KNOB attacks). This type of attack occurs when a third party is forced by two or more victims to accept the encryption key. This means that an attacker could obtain and use the encryption key. This is used to decrypt the connection.

Affected equipment:

The researchers mentioned that most of the standard-compliant Bluetooth devices were affected by vulnerability: they tested attacks on up to 30 devices, including smartphones, tablets, laptops, headphones, and Raspberry Pi devices, and found that they were all easy to use and attacked BIAS.

The group (SIG) stated that it had updated its basic Bluetooth specifications to avoid changing the secure connection back to the old version of the old encryption, and had also requested the company to make the necessary corrections. Users can also install the latest hardware and operating system manufacturers. To update.

The research team concluded that the BIAS attack is the first undiscovered issue with creating a secure Bluetooth connection and authentication process that reduces the level of secure communication. They said: "The BIAS attack is hidden because there is no need to establish a secure connection via Bluetooth. User interaction is required."

Previous Post Next Post