Security News > 2020 > May > New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

Academics from École Polytechnique Fédérale de Lausanne disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers.

The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate and Enhanced Data Rate for wireless data transfer between devices.

The BIAS Attack For BIAS to be successful, an attacking device would need to be within the wireless range of a vulnerable Bluetooth device that has previously established a BR/EDR connection with another Bluetooth device whose address is known to the attacker.

The flaw stems from how two previously paired devices handle the long term key, also known as link key, that's used to mutually authenticate the devices and activate a secure connection between them.

Devices Not Updated Since December 2019 Affected With most standard-compliant Bluetooth devices impacted by the vulnerability, the researchers said they tested the attack against as many as 30 devices, including smartphones, tablets, laptops, headphones, and single-board computers such as Raspberry Pi. All the devices were found to be vulnerable to BIAS attacks.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/jbyug0Ugy9A/hacking-bluetooth-vulnerability.html