BLE vulnerability may be exploited to unlock cars, smart locks, building doors, smartphones

2022-05-17 13:20

A Bluetooth Low Energy vulnerability discovered by NCC Group researchers may be used by attackers to unlock Teslas, residential smart locks, building access systems, mobile phones, laptops, and many other devices.

"Many products implement Bluetooth Low Energy-based proximity authentication, where the product unlocks or remains unlocked when a trusted BLE device is determined to be nearby," they explained, and added that the possibility of relay attacks against BLE proximity authentication has been known for years, but existing tools came with detectable levels of latency and were not capable of relaying connections employing link layer encryption.

They have successfully tested the tool and attack against Tesla Model 3 and Kwikset and Weiser Kevo smart locks.

Other devices attackers can target include laptops with a Bluetooth proximity unlock feature enabled, mobile phones, other smart locks and building access control systems, and devices for asset and medical patient tracking.

This BLE vulnerability cannot be fixed by updating the firmware, but there are things that can be done to guard against these attacks.

Even worried users of affected products can do something to protect their assets: they can either disable passive unlock functionality that does not require explicit user approval, or disable Bluetooth on mobile devices when they don't need it.

News URL

https://www.helpnetsecurity.com/2022/05/17/ble-vulnerability/

#CAR #smart #smartphone #vulnerability