Security News > 2022 > May > New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars

A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas.

"An attacker can falsely indicate the proximity of Bluetooth LE devices to one another through the use of a relay attack," U.K.-based cybersecurity company NCC Group said.

Relay attacks, also called two-thief attacks, are a variation of person-in-the-middle attacks in which an adversary intercepts communication between two parties, one of whom is also an attacker, and then relays it to the target device without any manipulation.

While various mitigations have been implemented to prevent relay attacks, including imposing response time limits during data exchange between any two devices communicating over BLE and triangulation-based localization techniques, the new relay attack can bypass these measures.

To mitigate such link layer relay attacks, the researchers recommend requiring additional checks beyond just inferred proximity to authenticate key fobs and other items.

After being alerted to the findings on April 4, 2022, the Bluetooth Special Interest Group acknowledged that relay attacks are a known risk and that the standard body is currently working on "More accurate ranging mechanisms."

News URL

https://thehackernews.com/2022/05/new-bluetooth-hack-could-let-attackers.html