BLESA: The New Bluetooth Vulnerability Putting Billions of Devices At Risk


With ever-changing technology, the war against hackers and those intent on malicious data theft is eternal. Fighting them is like fighting a many-headed monster which, each time a neck is severed, sprouts a head even cleverer than before. This has been proven once again by a new Bluetooth vulnerability that has put billions of devices at risk of being hacked.

A new security flaw in the Bluetooth software stack was discovered over the summer. It has the potential to affect billions of smartphones, laptops and IoT devices that use the Bluetooth Low Energy (BLE) protocol, and it opens a potential gateway to the loss of valuable data.

The new vulnerability has been named BLESA (Bluetooth Low Energy Spoofing Attack) by the team of seven academic researchers at Purdue University who first brought it to light in the course of their research during the summer.


The issue differs from the recently discovered BLURtooth vulnerability, though. BLESA concerns the moment when two previously paired Bluetooth devices reconnect: the reconnection is supposed to involve both devices checking each other's cryptographic keys. As the research now shows, the standard the software follows means this checking step is not compulsory.

Going into the specifics, the current software standard makes authentication during a reconnect optional, thereby opening the door to an attack. Moreover, the authentication step can be circumvented if a BLE device fails to force the other device to authenticate its cryptographic keys while reconnecting.

As a result of this newfound problem, billions of devices could be vulnerable to BLESA attacks, in which a nearby attacker could bypass reconnection verification and send spoofed or malicious data to the targeted BLE device. Both humans and automated processes are at risk of making incorrect decisions when it comes to allowing two devices to reconnect with one another.
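The following model, added here as an illustration and not code from the article or from the Purdue researchers, shows the policy difference described above: a client that treats reconnection authentication as optional accepts attribute data from any peer presenting the bonded address, whereas a client that insists on a key check refuses a peer that cannot prove it holds the long-term key. The HMAC challenge/response, the device names, the address and the key bytes are all constructed stand-ins; real BLE performs its key verification at the link layer, not with this exchange.

```python
import hashlib
import hmac
import os

# Constructed sample values: one bonded server and the long-term key (LTK) it
# shares with the client. Real BLE verifies keys at the link layer; the HMAC
# challenge/response below is an assumed stand-in for that check.
BONDED_ADDR = "AA:BB:CC:DD:EE:01"
BONDED_LTK = bytes.fromhex("00112233445566778899aabbccddeeff")


class Server:
    """A BLE server (peripheral) the client has previously paired with."""

    def __init__(self, addr, ltk, attribute_value):
        self.addr = addr
        self.ltk = ltk  # None if this device never held the real key
        self.attribute_value = attribute_value

    def prove_key(self, nonce):
        """Answer the client's challenge; a device without the LTK cannot."""
        if self.ltk is None:
            return None
        return hmac.new(self.ltk, nonce, hashlib.sha256).digest()

    def read_attribute(self):
        return self.attribute_value


class Client:
    """A BLE client (central) reconnecting to its bonded server."""

    def __init__(self, bonded_addr, ltk, require_auth):
        self.bonded_addr = bonded_addr
        self.ltk = ltk
        self.require_auth = require_auth  # the policy choice BLESA hinges on

    def reconnect(self, server):
        """Return the attribute value read after reconnecting, or None if refused."""
        if server.addr != self.bonded_addr:
            return None  # address must match the bond, but an address alone proves nothing
        if self.require_auth:
            nonce = os.urandom(16)
            expected = hmac.new(self.ltk, nonce, hashlib.sha256).digest()
            answer = server.prove_key(nonce)
            if answer is None or not hmac.compare_digest(answer, expected):
                return None  # key check failed: trust no data from this peer
        return server.read_attribute()


def simulate_reconnect(require_auth):
    """Reconnect to the genuine server and to an impostor using the same address."""
    client = Client(BONDED_ADDR, BONDED_LTK, require_auth)
    genuine = Server(BONDED_ADDR, BONDED_LTK, "temperature=21.5")
    impostor = Server(BONDED_ADDR, None, "temperature=99.9")  # has the address, not the key
    return {
        "genuine": client.reconnect(genuine),
        "impostor": client.reconnect(impostor),
    }


if __name__ == "__main__":
    print("authentication optional:", simulate_reconnect(require_auth=False))
    print("authentication enforced:", simulate_reconnect(require_auth=True))
```

With `require_auth=False` the client accepts the impostor's value, which is the behaviour the article attributes to stacks that leave reconnection authentication optional; with `require_auth=True` only the genuine server's data is accepted. The fix the researchers describe amounts to making the second branch the only one a stack offers.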

BLE adoption has grown steadily over the past decade, owing to its battery-saving capabilities, and it has become a near-ubiquitous technology across almost all battery-powered devices.

Security researchers and academics have repeatedly probed BLE for security flaws over the years, often finding major issues, ever since it first surfaced.


However, one silver lining in the whole situation is that the issue does not affect all real-world BLE implementations, according to Purdue's researchers, who analysed multiple software stacks across operating systems. According to their data, BlueZ (Linux-based IoT devices), Fluoride (Android) and the iOS BLE stack are the ones vulnerable to BLESA attacks.

While the BLE stack in Windows devices was found to be surprisingly immune, tech titan Apple fixed the vulnerability in iOS and iPadOS 13.4. The same cannot be said of the Android BLE implementation, which is still deemed vulnerable.

All in all, defending against most Bluetooth attacks usually means pairing devices in controlled environments. BLESA makes that a much harder task, since the attack targets the far more frequent reconnect operation.

The group of researchers has also released a paper titled “BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy”, which explains how BLESA attacks can be prevented.

“To prevent BLESA, we need to secure the reconnection procedure between clients and their previously-paired server devices. We can achieve this by improving the BLE stack implementations and/or updating the BLE specification.”

Sadly, this spells a nightmare for system admins because, just as with all the previous Bluetooth bugs, patching some devices might not be an option, leaving vulnerable devices at the mercy of their software suppliers to come up with a patch addressing the issue.

While the developers come up with a solution, the average mobile user would do well to keep an eye out for the next update. Till then, watch out for your device and stay tuned to this space for more updates.
