BLESA: The New Bluetooth Vulnerability Putting Billions of Devices At Risk

With ever-changing technology, the war against hackers and those intent on malicious data theft is eternal. Fighting them is like fighting a many-headed monster, which, each time a neck is severed, sprouts a head even cleverer than before. This is proven once again by the new Bluetooth vulnerability that has put billions of devices at risk of being hacked.

A new security flaw in the Bluetooth software stack was discovered during the summer. It has the potential to affect billions of smartphones, laptops and IoT devices using the Bluetooth Low Energy (BLE) protocol, opening a potential gateway to the loss of valuable data.

The new vulnerability has been named BLESA (Bluetooth Low Energy Spoofing Attack) by the team of seven academic researchers at Purdue University who first brought it to light in the course of their research during the summer.


The issue differs from the recently discovered BLURtooth vulnerability, though. BLESA concerns the process in which two previously paired Bluetooth devices reconnect, which involves both devices checking each other's cryptographic keys. According to the research, the standard, as written, does not make that check compulsory.

Going into the specifics, the standard makes authentication during a reconnect optional, thereby opening the door to an attack. In addition, authentication can be circumvented if a BLE device fails to force the other device to authenticate cryptographic keys while reconnecting.

As a result of this newfound problem, billions of devices could be vulnerable to BLESA attacks, in which any nearby attacker could bypass reconnection verification and send spoofed or malicious data to the targeted BLE device. Both humans and automated processes are put at risk of making incorrect decisions when it comes to allowing two devices to reconnect with one another.
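
A simplified model of the reconnection check described above, added here as an illustration and not code from the Purdue paper or from any BLE stack. The class names, the sample address and the HMAC challenge (a stand-in for the key check, not the real BLE procedure) are assumptions.

```python
import hashlib
import hmac
import os

ADDR = "AA:BB:CC:DD:EE:FF"  # constructed sample address


def _mac(key, challenge):
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Peer:
    """Device claiming a paired address; key=None models an impostor."""

    def __init__(self, address, key=None):
        self.address, self.key = address, key

    def prove(self, challenge):
        # Stand-in for the key check on reconnect (assumption, not real BLE).
        return None if self.key is None else _mac(self.key, challenge)

    def read_value(self):
        return b"data-from-" + self.address.encode()


class Client:
    def __init__(self, require_auth):
        self.require_auth = require_auth
        self.bonds = {}  # address -> key stored at pairing time

    def pair(self, address, key):
        self.bonds[address] = key

    def reconnect(self, peer):
        """Return the data accepted from peer, or None if refused."""
        key = self.bonds.get(peer.address)
        if key is None:
            return None  # never paired with this address
        challenge = os.urandom(16)
        proof = peer.prove(challenge)
        if proof is None:
            # Peer skipped the check: only a client that treats
            # authentication as optional carries on.
            return None if self.require_auth else peer.read_value()
        if not hmac.compare_digest(proof, _mac(key, challenge)):
            return None  # wrong key is refused in both modes
        return peer.read_value()
```

A client built with `require_auth=False` accepts data from a peer that merely claims the paired address, while one built with `require_auth=True` refuses it and still reconnects to the genuine peer.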

BLE has been widely adopted over the past decade, owing to its battery-saving capabilities. It has become a near-ubiquitous technology across almost all battery-powered devices.

Ever since it first surfaced, security researchers and academics have repeatedly probed BLE for security flaws, often finding major issues.


However, one silver lining is that the issue does not affect all real-world BLE implementations, according to Purdue's researchers, who analysed multiple software stacks across operating systems. The researchers found that BlueZ (Linux-based IoT devices), Fluoride (Android) and the iOS BLE stack are vulnerable to BLESA attacks.

The BLE stack in Windows devices was found to be surprisingly immune, and tech titan Apple fixed the vulnerability in iOS and iPadOS 13.4. The same cannot be said of the Android BLE implementation, which is still deemed vulnerable.

All in all, defending against most Bluetooth attacks usually means pairing devices in controlled environments. With BLESA, that is a much harder task, since the attack targets the more frequently occurring reconnect operation.

The group of researchers has also released a paper titled “BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy”, in order to better explain how BLESA attacks can be prevented.

“To prevent BLESA, we need to secure the reconnection procedure between clients and their previously-paired server devices. We can achieve this by improving the BLE stack implementations and/or updating the BLE specification.”

Sadly, this spells a nightmare for system admins because, just as with all the previous Bluetooth bugs, patching some devices might not be an option, and all vulnerable devices are left at the mercy of their software suppliers to come up with a patch addressing the issue.

While the developers come up with a solution, the standard mobile user would do better to keep their eyes peeled for the new update. Till then, watch out for your device and stay tuned to this space for more updates.
