Bluetooth Vulnerability: BIAS
2020-05-26 11:54

The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key.

We describe each vulnerability in detail, and we exploit them to design, implement, and evaluate master and slave impersonation attacks on both the legacy authentication procedure and the secure authentication procedure.

We refer to our attacks as Bluetooth Impersonation AttackS. Our attacks are standard-compliant, and are therefore effective against any standard-compliant Bluetooth device regardless of the Bluetooth version, the security mode, the device manufacturer, and the implementation details.

Our attacks are stealthy because the Bluetooth standard does not require notifying end users about the outcome of an authentication procedure, or the lack of mutual authentication.

To confirm that the BIAS attacks are practical, we successfully conduct them against 31 Bluetooth devices from major hardware and software vendors, implementing all the major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR.


News URL

https://www.schneier.com/blog/archives/2020/05/bluetooth_vulne_1.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bluetooth 4 3 10 3 0 16