Bluetooth needs filling: smart devices found vulnerable when pairing

In theory, authentication mechanisms based on a long-term pairing key are supposed to make sure devices with the Bluetooth standard are protected against impersonation attacks. But they’re not, as the security mechanism is flawed.

Three security researchers from ETH Lausanne, the University of Oxford and the Helmholtz Centre for Information Security (CISPA) have discovered security gaps in Bluetooth and have proved this by attacking 30 devices with 28 different chips. The vulnerabilities were reported to the Bluetooth Special Interest Group (SIG) last December, who adapted the Bluetooth Core Specification accordingly.

As the security researchers' documentation shows, all Bluetooth protocols are affected. The problem is due to the fact that when pairing, only the Bluetooth master checks the correctness of the exchanged security key. There’s no mutual authentication method. The security researchers call their attack on Bluetooth Impersonation AttackS, or BIAS for short. As they explain in a short video, BIAS allows the attacker to impersonate any master or slave device.

It’s unclear whether the security vulnerabilities are or have been actively exploited. How to stay safe? Keep in mind that the reception range of Bluetooth is around ten metres. Whether and when manufacturers will provide or have already provided firmware to patch the gaps is currently unknown. If your device hasn’t been updated since December 2019, it’s likely vulnerable. If it has been updated, your device might or might not be affected – there’s no way to tell due to a lack of information from the manufacturers.