BLESA Attack: How this Bluetooth security flaw goes after billions of devices

A team of security researchers from Purdue University discovered a Bluetooth Low Energy (BLE) security flaw. In their detailed report, researchers exploit the flaw using what they refer to as a BLE spoofing attack (BLESA). This BLESA attack affects billions of devices, including smartphones, laptops, tablets, and many more internet of things (IoT) devices. BLE is the primary low-energy Bluetooth communication protocol and is used to communicate data between the primary Bluetooth devices, like the ones stated above, and short-range tertiary Bluetooth devices, such as smartwatches, earbuds, smart glasses, and smart home technology. The number of BLE-enabled devices is expected to reach 5 billion by 2023.

BLESA: Bluetooth Reconnection Process

The research team found that the official BLE specification did not contain detailed information to describe the reconnection process.

The reconnection process suffers from the following two systematic issues:

  • The authentication can be circumvented if the user’s BLE-enabled device fails to follow the authentication protocol.
  • Authentication during device reconnection is optional rather than mandatory.

This leaves devices vulnerable to a spoofing attack, where a nearby attacker bypasses the reconnection authentication and transfers spoofed data to the BLE device, prompting automated responses from the device and permitting information flow.
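The effect of the "optional" reconnection check can be seen in a small model. This is an added example, not code from the Purdue paper or from any BLE stack; the `Peer` and `Client` classes are hypothetical, and an HMAC challenge-response stands in for BLE's real link authentication with the bonded key.

```python
import hashlib
import hmac
import os

class Peer:
    """Device answering a reconnection; key=None models a peer that skips authentication."""
    def __init__(self, key, value):
        self.key = key
        self.value = value  # attribute data the peer will send (constructed sample)

    def prove(self, challenge):
        if self.key is None:
            return None  # the authentication step is simply never performed
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

class Client:
    """Previously bonded client deciding whether to accept data after a reconnect."""
    def __init__(self, bond_key, require_auth):
        self.bond_key = bond_key
        self.require_auth = require_auth

    def reconnect(self, peer):
        challenge = os.urandom(16)
        proof = peer.prove(challenge)
        if proof is None:
            # The gap: a skipped check is only fatal when the policy is mandatory.
            if self.require_auth:
                return ("rejected", None)
            return ("unauthenticated", peer.value)
        expected = hmac.new(self.bond_key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(proof, expected):
            return ("rejected", None)  # an attempted proof with the wrong key always fails
        return ("authenticated", peer.value)

def run_demo():
    bond_key = os.urandom(16)
    peers = {
        "genuine": Peer(bond_key, "heart_rate=72"),
        "silent": Peer(None, "heart_rate=0"),          # never proves the bond key
        "wrong_key": Peer(os.urandom(16), "heart_rate=0"),
    }
    results = {}
    for policy, require in (("optional", False), ("mandatory", True)):
        client = Client(bond_key, require)
        results[policy] = {n: client.reconnect(p) for n, p in peers.items()}
    return results

if __name__ == "__main__":
    for policy, outcome in run_demo().items():
        print(policy, outcome)
```

Under the optional policy only the peer that skips authentication gets unverified data accepted, which is why the fix has to make the check mandatory on every reconnection rather than strengthen the cryptography. An "unauthenticated" result for an already bonded device is also the event worth logging.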

Patching Nightmare

Unfortunately, patching devices using the flawed BLE system will be a nightmare. Not only will devices require a firmware patch, but the flaw itself lies within the BLE ecosystem, meaning that resolving it while maintaining backward compatibility will be incredibly difficult, if not impossible.

Bluetooth attacks can be guarded against by pairing devices in controlled environments. However, defending against BLESA will be difficult, since the attack preys upon the reconnection process rather than on pairing. Attackers can deploy denial-of-service attacks to force Bluetooth connections to go offline, then push a spoofing operation during the reconnect, forcing a successful BLESA attack.

If you would like to read the research material published by Purdue University on their BLESA attack, visit https://friends.cs.purdue.edu/pubs/WOOT20.pdf.
