New BIAS Bluetooth attack targeting Smart Devices

Academics discovered a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices.

The vulnerability, named BIAS (Bluetooth Impersonation Attacks), impacts the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate, Bluetooth BR/EDR, or just Bluetooth Classic.

The BIAS security flaw resides in how devices handle the link key, also known as a long-term key.

This key is generated when two Bluetooth devices pair for the first time. They agree on a long-term key, which they use to derive session keys for future connections, so that device owners do not have to go through the long-winded pairing process every time the Bluetooth devices need to communicate.

Researchers said they found a bug in this post-bonding authentication process. The flaw can allow an attacker to spoof the identity of a previously paired/bonded device and successfully authenticate and connect to another device without knowing the long-term pairing key that was previously established between the two.

Once a BIAS attack is successful, the attacker can then access or take control of another Bluetooth Classic device.

In a press release, the Bluetooth SIG said it has updated the Bluetooth Core Specification to prevent BIAS attackers from downgrading the Bluetooth Classic protocol from a "secure" authentication method to a "legacy" authentication mode, in which the BIAS attack succeeds.

Vendors of Bluetooth devices are expected to roll out firmware updates in the coming months to fix the issue. The status and availability of these updates are currently unclear, even for the research team.
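The downgrade prevention described above can be pictured as a host-side policy that remembers which authentication method was in use when a bond was created and refuses a reconnection that offers a weaker one. The sketch below is an added example, not code from the researchers, the Bluetooth SIG or any Bluetooth stack; the `AuthMode`, `Bond`, `evaluate_reconnect` and `audit` names, the decision strings and the device addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class AuthMode(Enum):
    LEGACY = "legacy"
    SECURE = "secure"


@dataclass(frozen=True)
class Bond:
    """What the host recorded when the long-term key was established."""
    address: str
    paired_mode: AuthMode


def evaluate_reconnect(bonds, address, offered_mode):
    """Decide whether a reconnection may reuse an existing bond.

    The claimed address is only a lookup key, not proof of identity.
    """
    bond = bonds.get(address.upper())
    if bond is None:
        return "reject: no bond, full pairing required"
    if bond.paired_mode is AuthMode.SECURE and offered_mode is AuthMode.LEGACY:
        return "reject: downgrade from secure to legacy authentication"
    if offered_mode is AuthMode.LEGACY:
        return "allow: legacy-only bond, flag for firmware update"
    return "allow"


# Constructed sample data (addresses are made up for this example).
BONDS = {b.address: b for b in (
    Bond("AA:BB:CC:00:00:01", AuthMode.SECURE),
    Bond("AA:BB:CC:00:00:02", AuthMode.LEGACY),
)}
EVENTS = [
    ("AA:BB:CC:00:00:01", AuthMode.SECURE),
    ("aa:bb:cc:00:00:01", AuthMode.LEGACY),  # bonded as secure, now offers legacy
    ("AA:BB:CC:00:00:02", AuthMode.LEGACY),
    ("AA:BB:CC:00:00:03", AuthMode.SECURE),  # never bonded
]


def audit(bonds, events):
    """Return (address, decision) for every reconnection attempt."""
    return [(a, evaluate_reconnect(bonds, a, m)) for a, m in events]


if __name__ == "__main__":
    for addr, decision in audit(BONDS, EVENTS):
        print(f"{addr}  {decision}")
```

Devices whose bond was only ever legacy still connect under this policy, which is why they are flagged: they remain dependent on the vendor firmware updates mentioned above.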

Source: ZDnet