Vulnerability in the Bluetooth software stack opens the door to hackers
A newly discovered critical vulnerability in the Bluetooth software stack has the potential to expose billions of devices to hacking.
Detailed by researchers at Purdue University, the new vulnerability has been dubbed BLESA, short for Bluetooth Low Energy Spoofing Attack. The vulnerability relates to the reconnection process in the BLE software stack.
That process is where two previously paired Bluetooth devices reconnect, and it involves both devices checking each other’s cryptographic keys. But according to the research, the standard the software follows does not make that check compulsory.
Specifically, the software standard sets authentication during a reconnect as optional, opening the door to an attack. In addition, authentication can be circumvented if a BLE device fails to force another device to authenticate cryptographic keys while reconnecting.
The vulnerability doesn’t exist in all implementations of BLE, and Windows is surprisingly immune. The vulnerability was, however, found in BlueZ, a Linux-based implementation of BLE used in “internet of things” devices; Fluoride, used in Android; and in the iOS BLE stack. Apple Inc. is said to have fixed the vulnerability in iOS and iPadOS 13.4, while Android BLE remains vulnerable.
“To prevent BLESA, we need to secure the reconnection procedure between clients and their previously-paired server devices,” the report concludes. “We can achieve this by improving the BLE stack implementations and/or updating the BLE specification.”
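The difference between an optional and an enforced key check on reconnect can be shown with a small model. This is an added example, not code from the Purdue report or from any BLE stack. The Peer and Client classes, the sample address and the HMAC challenge-response standing in for the stack's key check are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def proof(key, challenge):
    # Stand-in for the stack's key check (assumption: HMAC-SHA256 over a nonce).
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Peer:
    """Device answering a reconnect; holds the bond key only if genuine."""
    def __init__(self, label, key=None):
        self.label, self.key = label, key

    def answer(self, challenge):
        return proof(self.key, challenge) if self.key else None

    def read_attribute(self):
        return "data from " + self.label

class Client:
    def __init__(self, bonds, require_auth):
        self.bonds = bonds                # address -> key saved at pairing
        self.require_auth = require_auth  # False models the optional check

    def reconnect(self, address, peer):
        """Return the attribute data the client accepts, or None if refused."""
        key = self.bonds.get(address)
        if key is None:
            return None                   # not a previously paired device
        if self.require_auth:
            challenge = os.urandom(16)    # fresh per reconnect, so no replay
            response = peer.answer(challenge)
            if response is None or not hmac.compare_digest(
                    response, proof(key, challenge)):
                return None               # key check failed: drop the link
        return peer.read_attribute()

def run_demo():
    key = os.urandom(16)                  # constructed sample bond key
    address = "AA:BB:CC:DD:EE:FF"         # constructed sample address
    genuine, impostor = Peer("genuine", key), Peer("impostor")
    results = {}
    for mode, enforce in (("optional", False), ("enforced", True)):
        client = Client({address: key}, require_auth=enforce)
        for peer in (genuine, impostor):
            results[(mode, peer.label)] = client.reconnect(address, peer)
    return results

if __name__ == "__main__":
    for case, data in run_demo().items():
        print(case, "->", data)
```

With the check optional the client accepts data from both peers; with it enforced, only the peer holding the key saved at pairing is accepted.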
Given the extent to which BLE is used across billions of devices, ranging from computers and smartphones to IoT devices, the implication of the vulnerability is staggeringly large in terms of security.
“The BLESA vulnerability could have far-reaching, long-lasting impact and opens Bluetooth devices up to a range of possible attacks,” Paul Bischoff, privacy advocate at research firm Comparitech Ltd., told SiliconANGLE. “Those attacks will vary depending on the Bluetooth device and what information it sends over BLE when reconnecting. Given the ubiquity of BLE and the fact that many Bluetooth IoT devices don’t have automatic update mechanisms, the vulnerability might never be patched on many devices, and so will remain a viable attack vector for a long time.”
Chris Hauk, consumer privacy champion at privacy site Pixel Privacy, noted that this is just the latest discovery to involve security issues with Bluetooth connections.
“Unfortunately, as it has been with previous Bluetooth bugs, sysadmins face a nightmare of attempting to patch all vulnerable devices and that’s only if there is a patch available,” he said. “It is also unfortunate that standard users of mobile and other devices will not patch their devices if and when a patch becomes available.”
Photo: Pikist