Billions of devices vulnerable due to new BLESA Bluetooth hack

Bluetooth hacks are not new, but hackers have found a completely new angle of attack on the protocol which has left billions of devices vulnerable to being hacked.

A team of security researchers at Purdue University has discovered a weakness in how devices authenticate when re-establishing a Bluetooth Low Energy (BLE) connection.

The Purdue research team said the official BLE specification was not strict enough in describing the implementation process, which introduced the following weaknesses:

  • Authentication during device reconnection is optional instead of mandatory.
  • Authentication can potentially be circumvented if the user’s device fails to require the IoT device to authenticate the communicated data.

This means hackers can force a disconnect (e.g. via interference), then bypass reconnection verification and send spoofed data containing incorrect information to a BLE device.
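The two weaknesses above, as a small Python model added here for illustration (it is not code from the paper or from any BLE stack). The `Client` class, the HMAC challenge standing in for re-enabling link encryption with the bonded key, and the sample address and readings are all constructed assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

@dataclass
class Reconnect:
    """One reconnection as seen by the client (constructed model, not a stack API)."""
    address: str            # address the peer presents; not proof of identity
    proof: Optional[bytes]  # answer to the client's challenge, None if skipped
    value: bytes            # attribute data the peer then sends

def prove(key: bytes, challenge: bytes) -> bytes:
    # Stand-in for re-establishing link encryption: needs the bonded key.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Client:
    def __init__(self, bonded_address: str, bonded_key: bytes, enforce: bool):
        self.addr, self.key, self.enforce = bonded_address, bonded_key, enforce

    def on_reconnect(self, challenge: bytes, r: Reconnect) -> Optional[bytes]:
        """Return the data the client accepts, or None if it rejects the peer."""
        if r.address != self.addr:
            return None
        if not self.enforce:
            # Weak behaviour: authentication on reconnect is treated as optional,
            # so data is accepted without any proof of the bonded key.
            return r.value
        expected = prove(self.key, challenge)
        if r.proof is None or not hmac.compare_digest(r.proof, expected):
            return None
        return r.value

def demo() -> dict:
    key, challenge = os.urandom(16), os.urandom(16)
    addr = "AA:BB:CC:DD:EE:FF"                              # constructed address
    genuine = Reconnect(addr, prove(key, challenge), b"72 bpm")
    unproven = Reconnect(addr, None, b"180 bpm")            # same address, no key
    results = {}
    for name, enforce in (("permissive", False), ("enforcing", True)):
        c = Client(addr, key, enforce)
        results[name] = (c.on_reconnect(challenge, genuine),
                         c.on_reconnect(challenge, unproven))
    return results

if __name__ == "__main__":
    print(demo())
```

The permissive client accepts both readings, while the enforcing client keeps the genuine one and rejects the reading that arrived without proof of the bonded key.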

Researchers found that BlueZ (Linux-based IoT devices), Fluoride (Android), and the iOS BLE stack were all vulnerable to BLESA attacks, while the BLE stack in Windows devices was immune.

Apple has already released a fix but billions of Android handsets are still vulnerable.

“As of June 2020, while Apple has assigned the CVE-2020-9770 to the vulnerability and fixed it, the Android BLE implementation in our tested device (i.e., Google Pixel XL running Android 10) is still vulnerable,” researchers said in a paper published last month.

Many IoT devices are not designed to be updated and may remain vulnerable forever.

See the hack demoed below:

The full “BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy” paper can be read here [PDF].
