Nasty Bluetooth Flaw Hits Billions of Devices — What to Do Now

A flaw in an older version of the Bluetooth protocol allows hackers to pair their devices with yours. Affected devices include, but are not limited to, iPhones, Pixels, and Samsung Galaxy phones; Lenovo, Apple, and HP laptops; and headphones from Sennheiser, Philips, and Plantronics.

The flaw allows what the European academic researchers who discovered it call "Bluetooth Impersonation Attacks," or "BIAS" for short. An attacker's device can impersonate a device that is already paired with yours and automatically connect to it.

You will want to update the software and firmware of your Bluetooth device as soon as possible, but whether that will solve the problem depends on the device manufacturer.

Once connected, attackers can steal information and take control of your phone, tablet, laptop, or headphones.

"After disclosing our attack to the industry in December 2019, some vendors may have implemented workarounds for the vulnerability in their devices," the researchers said in a blog post yesterday (May 19).

"In short, if your device has not been updated since December 2019, it is likely vulnerable. Devices updated after that date may have been fixed."

Here is a rather fascinating narrated video by researcher Daniele Antonioli of the Lausanne University of Technology in Switzerland explaining how the attack works.

Antonioli and his colleagues tested 31 devices directly and found them vulnerable to BIAS attacks. The researchers imply that they were unable to find a completely secure gadget, but it is not clear if any devices were tested and found not to be vulnerable.

"Our attack works even when the victim is using Bluetooth's strongest security mode," their academic research paper states.

"Because our attack targets the standardized Bluetooth authentication procedure, it works against any Bluetooth device that is compliant with the standard."

In other words, "the existence of a single vulnerability in the security mechanisms defined in the standard is enough to expose billions of exploitable devices."

The only device that even partially protected itself was a 2015 Lenovo wireless mouse, available on eBay for about $30.

Vulnerable smartphones and tablets include Apple's iPhone 8, iPhone 7 Plus, iPhone 6, iPhone 5s, and 2018 and 2010 iPads; Google's Pixel 3, Pixel 2, and Nexus 5; Samsung's Galaxy S5 mini, Galaxy J5, and Galaxy J3 2017 and 2016 models; Nokia's 7, X6, and Lumia 530; the OnePlus 6; the LG K4; and Motorola's G3.

Laptops identified as vulnerable included the Lenovo ThinkPad L930, 3rd generation ThinkPad X1, ThinkPad X230, and IdeaPad U430; the 2017 Apple MacBook Pro; and the HP ProBook 430 G3.

Other devices proven vulnerable include the Lenovo ThinkPad 41U5008 wireless mouse; the Sennheiser PXC 550, Plantronics Backbeat 903+, and Philips SHB7250 wireless headphones; and the Raspberry Pi 3B+ mini board computer.

The researchers found Bluetooth flaws in 30 different devices. However, because the flaw is not in the devices themselves, but in the embedded Bluetooth chips used in various brands and devices, it is likely that hundreds more models from unknown manufacturers have similar vulnerabilities.

The 28 Bluetooth chips in devices with proven vulnerabilities include the widely used Qualcomm Snapdragon 845, 835, 636, 630, 410, 210, and 200 systems-on-chip; Samsung's Exynos 7570, 3475, and 3470 SoCs; Intel's 9560, 8260, 7265, 6205, and 1280 wireless network adapters; and wireless chips from Apple, Cypress, and Cambridge Silicon Radio.

For example, phones that use Qualcomm's Snapdragon 845 but were not tested in this study include Samsung's Galaxy S9, S9+, and Note 9; LG's G7, V35, and V40; and Sony's Xperia XZ2 and XZ3. Other systems-on-chip that were not tested may also be vulnerable to BIAS attacks.

Similarly, both the original iPad released in 2010 and its descendant released in 2018 are vulnerable, indicating that other iPad models may also be vulnerable.

The Bluetooth Special Interest Group, which oversees the development of the wireless standard, said it is updating the Bluetooth core specification to fix the flaw.

"The Bluetooth SIG is also widely communicating details about the vulnerability and how to address it to its member companies and urging them to quickly integrate the necessary patches," the group's statement said. "As always, Bluetooth users should ensure that they have installed the latest updates recommended by their device and operating system manufacturers."

Antonioli's colleagues in the study are Nils Ole Tippenhauer of the CISPA Helmholtz Information Security Center in Germany and Kasper Rasmussen of the Department of Computer Science at Oxford University. The full text of their research paper can be found here.
