A research team at Purdue University in the USA has discovered a new vulnerability in Bluetooth that puts billions of devices at risk. The vulnerability allows hackers to send fake data to devices.
Billions of the devices we use every day, such as smartphones, tablets, laptops and IoT ecosystem devices, rely on Bluetooth technology. A new type of attack called BLESA (Bluetooth Low Energy Spoofing Attack) now endangers the security of devices that use Bluetooth Low Energy.
The new vulnerability affects devices running the BLE (Bluetooth Low Energy) protocol, which conserves battery power so that a connection can be maintained for as long as possible. The vulnerability was discovered by seven researchers from Purdue University in the USA.
Two different errors during reconnection:
The seven researchers focused on the ‘reconnection’ process in their work. Reconnection happens after two BLE devices (client and server) have already authenticated each other during pairing. The researchers discovered the new vulnerability in this process.
Normally, two BLE devices check each other’s cryptographic keys during reconnection. But the research team found that the official BLE specification does not actually describe the reconnection process in strong enough language. As a result, two systemic errors manifested themselves in BLE software:
Verification on reconnection is optional rather than mandatory.
Authentication can potentially be circumvented if the user’s device fails to force the IoT device to authenticate the data it transmits.
These two errors open the door for the BLESA attack: because of them, attackers can bypass the reconnection checks and send fake data to the device. To see how the flaws lead to an attack, take a look at the video above, recorded by the researchers.
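To make the two flaws concrete, here is a small added example (not code from the article or from the Purdue researchers, and not the real Bluetooth procedure) that models a BLE client's reconnection policy. It assumes a toy message format in which a peer either attaches an HMAC tag under the key established at pairing or omits authentication entirely; the names `Client`, `Message`, `authenticated`, `unauthenticated` and `simulate` are hypothetical. The weak client treats verification on reconnection as optional, so a peer that simply skips the authentication step gets its data accepted; the strict client makes it mandatory and rejects the same data.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed toy model of BLE reconnection; hypothetical names, not the spec.


@dataclass
class Message:
    payload: bytes
    # MAC over the payload under the pairing key, or None when the sender
    # skipped the authentication step altogether.
    tag: Optional[bytes]


def authenticated(key: bytes, payload: bytes) -> Message:
    """Message from a peer that performs authentication with `key`."""
    return Message(payload, hmac.new(key, payload, hashlib.sha256).digest())


def unauthenticated(payload: bytes) -> Message:
    """Message from a peer that omits authentication on reconnection."""
    return Message(payload, None)


@dataclass
class Client:
    pairing_key: bytes
    require_auth_on_reconnect: bool  # False models the flawed (optional) policy
    accepted: List[bytes] = field(default_factory=list)

    def reconnect_and_receive(self, msg: Message) -> bool:
        """Return True if the client accepts the data received on reconnection."""
        if msg.tag is None:
            # Flaw 1: when verification is optional, a peer that never
            # authenticates is trusted anyway and its data is accepted.
            if self.require_auth_on_reconnect:
                return False
            self.accepted.append(msg.payload)
            return True
        # When a tag is present it must verify under the key from pairing;
        # a spoofed peer without that key cannot produce a valid one.
        expected = hmac.new(self.pairing_key, msg.payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg.tag):
            return False
        self.accepted.append(msg.payload)
        return True


def simulate() -> Dict[str, Tuple[bool, bool, bool]]:
    """Run both client policies against a genuine, a skipped-auth and a wrong-key message."""
    key = b"constructed-pairing-key"
    genuine = authenticated(key, b"temp=21C")          # real server, correct key
    skipped = unauthenticated(b"temp=99C")             # spoofed peer omits authentication
    wrong_key = authenticated(b"wrong-key", b"temp=99C")  # spoofed peer without the key
    results: Dict[str, Tuple[bool, bool, bool]] = {}
    for name, strict in (("optional", False), ("mandatory", True)):
        client = Client(key, strict)
        results[name] = (
            client.reconnect_and_receive(genuine),
            client.reconnect_and_receive(skipped),
            client.reconnect_and_receive(wrong_key),
        )
    return results


if __name__ == "__main__":
    for policy, outcome in simulate().items():
        print(policy, "-> genuine/skipped/wrong-key accepted:", outcome)
```

Only the `skipped` case differs between the two policies: a peer that holds the wrong key is rejected either way, but a peer that declines to authenticate at all is accepted by the optional-verification client. That is the gap a stack closes by making authentication on reconnection mandatory.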
According to the researchers’ statement, this BLE vulnerability has not been exploited by hackers in the real world so far. The researchers found that the BlueZ (Linux-based IoT devices), Fluoride (Android) and iOS BLE stacks are vulnerable to the BLESA attack. Windows devices, on the other hand, were resistant to it.
Apple patched the flaw, tracked as CVE-2020-9770, in June 2020. But the researchers announced in their paper published last month that the Android BLE stack is still vulnerable on the device they tested (Google Pixel XL). The BlueZ developer team stated that they will take action to prevent the BLESA attack.