With ever-changing technology, the war against hackers and those intent upon malicious data theft is eternal. Fighting them is like fighting a many-headed monster which, each time a neck is severed, sprouts a head even cleverer than before. This has been proven once again by a new Bluetooth vulnerability that has put billions of devices at risk of being hacked.
A new security flaw in the Bluetooth software stack was discovered over the summer. It has the potential to affect billions of smartphones, laptops and IoT devices that use the Bluetooth Low Energy (BLE) protocol, opening a potential gateway to the loss of valuable data.
The new vulnerability has been named BLESA (Bluetooth Low Energy Spoofing Attack) by the team of seven academic researchers at Purdue University who first brought it to light in the course of their research during the summer.
The issue differs from the recently discovered BLURtooth vulnerability. BLESA targets the reconnection process, in which two previously paired Bluetooth devices reconnect and each checks the other’s cryptographic keys. According to the research, the standard does not make that check compulsory.
Going into the specifics, the current standard sets authentication during a reconnect as optional, thereby opening the door to an attack. Moreover, the authentication step can be circumvented entirely if a BLE device fails to force the other device to authenticate its cryptographic keys while reconnecting.
As a result of this newfound problem, billions of devices could be vulnerable to BLESA attacks, in which a nearby attacker bypasses reconnection verification and sends spoofed or malicious data to the targeted BLE device. Both humans and automated processes then risk making incorrect decisions based on data that appears to come from a trusted, previously paired device.
BLE has become ever more widely adopted over the past decade, owing to its battery-saving capabilities, and is now a near-ubiquitous technology across almost all battery-powered devices.
Security researchers and academics have repeatedly probed BLE for security flaws ever since it first surfaced, often finding major issues.
However, one silver lining is that the issue does not affect all real-world BLE implementations, according to Purdue’s researchers, who analysed multiple software stacks across operating systems. The researchers found that BlueZ (Linux-based IoT devices), Fluoride (Android) and the iOS BLE stack are vulnerable to BLESA attacks.
While the BLE stack in Windows devices was found to be immune, tech titan Apple fixed the vulnerability in iOS and iPadOS 13.4. The same cannot be said of the Android BLE implementation, which is still deemed vulnerable.
All in all, defending against most Bluetooth attacks usually means pairing devices in controlled environments. BLESA makes this a much harder task, since the attack targets the far more frequent reconnect operation rather than the initial pairing.
The group of researchers has also released a paper titled “BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy”, which explains how BLESA attacks can be prevented:
“To prevent BLESA, we need to secure the reconnection procedure between clients and their previously-paired server devices. We can achieve this by improving the BLE stack implementations and/or updating the BLE specification.”
Sadly, this spells a nightmare for system admins because, just as with all the previous Bluetooth bugs, patching some devices might not be an option, and vulnerable devices are left at the mercy of their software suppliers to come up with a patch addressing the issue.
While developers work on a solution, the ordinary mobile user would do well to keep an eye out for the next update. Until then, watch out for your device and stay tuned to this space for more updates.