New vulnerabilities have been discovered in the Bluetooth Core and Mesh specifications that allow a man-in-the-middle (MitM) attack.
“Devices that support the Bluetooth Core and Mesh specifications are vulnerable to impersonation attacks and AuthValue disclosure, which could allow an attacker to impersonate a legitimate device during pairing,” the Carnegie Mellon University CERT focal point said in a notice.
Bluetooth Core and Mesh are Bluetooth specifications that define a standard that allows multiple devices to be paired simultaneously in a peer-to-peer network.
The Bluetooth Impersonation AttackS (BIAS) attack allows an attacker to establish a secure connection with an attacked device without the need to know or authenticate the long-term key exchanged by victims, bypassing the device’s authentication mechanism.
“BIAS attacks are the first issues identified related to authentication procedures when establishing a secure Bluetooth connection, switching the roles of adversaries, and lowering the level of security of connections. BIAS attacks are subtle because no user interaction is required to establish a secure Bluetooth connection, ”the researchers said.
Experts have successfully tested their attacks on 31 Bluetooth devices (28 unique Bluetooth chips) from major hardware and software vendors using all major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, and CSR.
Catch up on more articles here
Follow us on Twitter here