The new BIAS Bluetooth bug can break into Apple, Intel and Samsung devices

Bluetooth devices like smartphones, laptops and other IoT devices are vulnerable to a new BIAS Bluetooth attack, or Bluetooth Impersonation AttackS (BIAS), according to reports. As per researchers, the new BIAS attack works against any device that have Bluetooth and can attack devices and firmware from OEMs like Apple, Intel, Samsung, Broadcom, Cypress etc.

"We use our implementation to verify that the vulnerabilities in the authentication mechanisms are indeed present in real devices, and not just a quirk of the standard. We successfully attack 31 Bluetooth devices (28 unique Bluetooth chips) from major hardware and software vendors, representing all the major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR," the researchers said in a statement.

You may be interested in

MobilesTablets Laptops

7% OFF

Apple iPhone 15 Pro Max

• Black Titanium
• 8 GB RAM
• 256 GB Storage

₹148,900₹159,900

Buy now

23% OFF

Samsung Galaxy S23 Ultra 5G

• Green
• 12 GB RAM
• 256 GB Storage

₹115,999₹149,999

Buy now

Google Pixel 8 Pro

• Obsidian
• 12 GB RAM
• 128 GB Storage

₹106,998

Check details

Apple iPhone 15 Plus

• Black
• 6 GB RAM
• 128 GB Storage

₹87,900

Check details

35% OFF

Xiaomi Pad 6

• Mist Blue
• 6 GB RAM
• 128 GB Storage

₹25,999₹39,999

Buy now

55% OFF

Lenovo Tab M10 5G

• Abyss Blue
• 6 GB RAM
• 128 GB Storage

₹20,999₹47,000

Buy now

32% OFF

Realme Pad 2

• Imagination Grey
• 6 GB RAM
• 128 GB Storage

₹19,678₹28,999

Buy now

Honor Pad X9

• Gray
• 4 GB RAM
• 128 GB Storage

₹14,999

Check details

21% OFF

Acer Swift Go SFG14 41 NX KG3SI 002 Laptop

• Pure Silver
• 8 GB RAM
• 512 GB SSD

₹58,999₹74,999

Buy now

41% OFF

Acer Aspire 5 A515 57G Laptop

• Gray
• 16 GB RAM
• 512 GB SSD

₹52,990₹89,999

Buy now

22% OFF

Acer Aspire 3 A315 24 NX KDESI 004 Laptop

• Silver
• 8 GB RAM
• 512 GB SSD

₹33,499₹42,999

Buy now

40% OFF

Asus VivoBook 15 X515JA BQ322WS Laptop

• Transparent Silver
• 8 GB RAM
• 512 GB SSD

₹30,990₹51,990

Buy now

Bluetooth tech is used for wireless communication across billions of devices and the Bluetooth standard includes a “legacy authentication procedure and a secure authentication procedure, thus allowing devices to authenticate each other with a long term key”. The BIAS bug leverages the way in which devices handle link keys or long-term keys that get generated when two Bluetooth devices pair for the first time.

"Because this attack affects basically all devices that 'speak Bluetooth,' we performed a responsible disclosure with the Bluetooth Special Interest Group (Bluetooth SIG) - the standards organisation that oversees the development of Bluetooth standards - in December 2019 to ensure that workarounds could be put in place," the researchers noted.

The Bluetooth SIG has mentioned in a press note that the Bluetooth Core Specification has been updated “to prevent BIAS attackers from downgrading the Bluetooth Classic protocol from a secure authentication method to a legacy authentication mode where the BIAS attack is successful”.

"To remedy this vulnerability, the Bluetooth SIG is updating the Bluetooth Core Specification to clarify when role switches are permitted, to require mutual authentication in legacy authentication, and to recommend checks for encryption-type to avoid a downgrade of secure connections to legacy encryption. These changes will be introduced into a future specification revision," Bluetooth SIG said in a statement.