Billions of bluetooth devices are vulnerable to new BIAS weakness, which may be targeted by hacks or people with malicious intent. A security flaw can be exploited to take control of any Bluetooth-connected devices on the planet.
Read More: Researchers Develop Bionic Eye Called ElectroChemical EYE as Sensitive as a Human Retina
Beware of Connecting to Bluetooth
Researchers have discovered a new vulnerability in Bluetooth wireless protocol that may affect almost all Bluetooth enabled gadgets. This includes speakers, smartphones, TVs, and anything that has Bluetooth functions. The vulnerability is referred to as Bluetooth Impersonation AttackS or named BIAS.
The BIAS attacks would be able to impact the classic version of the Bluetooth protocol and can be used by low power devices so they can transfer data known as Bluetooth Classic. The BIAS flaw links keys or long-term keys that generate when two Bluetooth devices pair for the first time. The devices then use long-term keys that are used to pair in the future automatically.
The paper details the report of the discovery, and the researchers explained extensively on how they found the bug in the post-bonding authentication procedure. This can be used by a hacker to spoof the identity of a previously paired device if successful can gain access to the device and proceed with the BIAS attack.
Read More: Samsung to Launch Galaxy S20 Tactical Edition with Military-Grade Security
What are BIAS Attacks?
"The BIAS attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted BIAS attacks on more than 28 unique Bluetooth chips (by attacking 30 different devices). At the time of writing, we were able to test chips from Cypress, Qualcomm, Apple, Intel, Samsung, and CSR. All devices that we tested were vulnerable to the BIAS attack."
Once they were able to create and disclose this major flaw in December of last year, there have already been vendors who implemented changes that are potential vulnerabilities. Not all, however, are safe, and billions are still likely to be vulnerable to these BIAS attacks.
There is a good thing in all this, however, and it's that launching a successful attack isn't as easy as it seems since the hacker should be close enough to the device to be able to pair with Bluetooth distance.
TechRadar Pro has gone out and spoken to Bluetooth Special Interest Group or SIG in regards to the BIAS attacks. A spokesperson explained in length that they closely work with developers and security research community to be able to protect all Bluetooth devices.
"The Bluetooth Special Interest Group (SIG) prioritizes security, and the specifications include a collection of features that provide developers the tools they need to secure communications between Bluetooth devices. The SIG also provides educational resources to the developer community to help them implement the appropriate level of security within their Bluetooth products, as well as a vulnerability response program that works with the security research community to address vulnerabilities identified within Bluetooth specifications in a responsible manner."
