date 2020-05-19

All PCs and smartphones with Bluetooth chips produced by Qualcomm, Apple, Broadcom, Cypress, Intel, Samsung and probably others too could easily be attacked by hackers. These are tens of millions of devices around the world.

The vulnerability has been named BIAS (Bluetooth Impersonation AttackS) and concerns the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate, Bluetooth BR/EDR, or simply Bluetooth Classic. An attacker who is close enough to a device with a vulnerable Bluetooth connection and exploits this flaw could easily take complete control of the other device. BIAS was discovered by a team of researchers from the Federal Research Institute in Lausanne, Switzerland, the Helmholtz Center in Germany and the University of Oxford in the UK.

Bluetooth: How the BIAS vulnerability works

The BIAS security flaw resides in the way that Bluetooth Classic devices manage the connection key, also known as the long-term key. This key is generated when two Bluetooth devices pair for the first time: they agree on a long-term key, which they then use to derive session keys for future connections, without forcing device owners to pair again whenever the devices need to communicate.

Researchers have found a bug in this authentication process which can allow an attacker to spoof the identity of a previously paired device. In this way one of the devices can be connected to an unknown third device, which pretends to be the second, previously paired, device. Once a BIAS attack is successful, the attacker can then take control of the other Bluetooth Classic device.

BIAS vulnerability: the affected devices

The research team successfully tested the attack on a wide range of devices, including smartphones (iPhone, Samsung, Google, Nokia, LG, Motorola), tablets (iPad), laptops (MacBook, HP, Lenovo), headphones (Philips, Sennheiser) and system-on-chip boards (Raspberry Pi, Cypress). However, since the vulnerability is inherent in the Bluetooth Classic protocol itself, it is very likely that devices with chips from other manufacturers are affected too.

Patch coming soon

Before disclosing this vulnerability, the researchers communicated it (in December 2019) to the Bluetooth Special Interest Group (Bluetooth SIG), the standards organization that oversees the development of Bluetooth standards. The SIG announced a few hours ago that it had updated the Bluetooth Core specifications to prevent attackers from exploiting BIAS. Bluetooth device manufacturers are expected to release firmware updates in the coming months to resolve the issue. The status and availability of these updates are currently unclear, even to the research team.