Bluetooth Spoofing Bug Affects Billions of IoT Devices

2020-09-16 12:52

A team of academic researchers have discovered a Bluetooth Low Energy vulnerability that allows spoofing attacks that could affect the way humans and machines carry out tasks.

It potentially impacts billions of Internet of Things devices, researchers said, and remains unpatched in Android devices.

The vulnerability is particularly significant due to the ubiquity of the BLE protocol which, because of its energy efficiency and simplicity of use, is used by billions of devices to pair and connect, said the team-comprised of researchers Jianliang Wu, Yuhong, Vireshwar, Dave Tian, Antonio Bianchi, Mathias Payer and Dongyan Xu. "To ease its adoption, BLE requires limited or no user interaction to establish a connection between two devices," researchers wrote.

The BlueZ development team said it would replace the code that opens its devices to BLESA attacks with code that uses proper BLE reconnection procedures that aren't susceptible to attacks, according to researchers.

Last week, the "BLURtooth" flaw was announced, which allows attackers within wireless range to bypass authentication keys and snoop on devices in man-in-the-middle attacks.

News URL

https://threatpost.com/bluetooth-spoofing-bug-iot-devices/159291/

#bluetooth #IOT

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Bluetooth		4	0	9	7	0	16