The new BIAS Bluetooth bug can break into Apple, Intel and Samsung devices
- The BIAS bug leverages the way in which devices handle link keys or long-term keys that get generated when two Bluetooth devices pair for the first time.
Bluetooth devices such as smartphones, laptops and other IoT devices are vulnerable to a new attack called BIAS, short for Bluetooth Impersonation AttackS, according to reports. The researchers say the BIAS attack works against any device that has Bluetooth, including devices and firmware from OEMs such as Apple, Intel, Samsung, Broadcom and Cypress, among others.
"We use our implementation to verify that the vulnerabilities in the authentication mechanisms are indeed present in real devices, and not just a quirk of the standard. We successfully attack 31 Bluetooth devices (28 unique Bluetooth chips) from major hardware and software vendors, representing all the major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR," the researchers said in a statement.
Bluetooth tech is used for wireless communication across billions of devices and the Bluetooth standard includes a “legacy authentication procedure and a secure authentication procedure, thus allowing devices to authenticate each other with a long term key”. The BIAS bug leverages the way in which devices handle link keys or long-term keys that get generated when two Bluetooth devices pair for the first time.
"Because this attack affects basically all devices that 'speak Bluetooth,' we performed a responsible disclosure with the Bluetooth Special Interest Group (Bluetooth SIG) - the standards organisation that oversees the development of Bluetooth standards - in December 2019 to ensure that workarounds could be put in place," the researchers noted.
The Bluetooth SIG has mentioned in a press note that the Bluetooth Core Specification has been updated “to prevent BIAS attackers from downgrading the Bluetooth Classic protocol from a secure authentication method to a legacy authentication mode where the BIAS attack is successful”.
"To remedy this vulnerability, the Bluetooth SIG is updating the Bluetooth Core Specification to clarify when role switches are permitted, to require mutual authentication in legacy authentication, and to recommend checks for encryption-type to avoid a downgrade of secure connections to legacy encryption. These changes will be introduced into a future specification revision," Bluetooth SIG said in a statement.