BIAS Bluetooth Vulnerability

Summary

Security researchers have released details of a vulnerability affecting the Bluetooth Classic core standard, including Basic Rate (BR) and Enhanced Data Rate (EDR) configurations. They claim that a user in communication range could perform what they call a Bluetooth Impersonation Attack (BIAS) to spoof previously paired devices, allowing them full access to the affected device.


Affected platforms

The following platforms are known to be affected:

Threat details

The vulnerability arises because the Secure Simple Pairing (SSP) method used by Bluetooth does not encrypt data during the initial set-up of a connection and does not authenticate previously legitimate connections. An attacker in wireless range could intercept this data during the initial connection and force the target device to downgrade its authentication link. They can then initiate a master-slave switch with the target device, effectively reversing the connection and causing the target device to attempt a connection to the attacker.

For further information:


Remediation steps

The Bluetooth Special Interest Group (SIG) has confirmed that the Bluetooth Classic specification has been updated to address this vulnerability, with the updated specification now available for vendors to integrate into their products. Affected organisations are encouraged to apply any recommended updates from their relevant suppliers immediately.


Last edited: 29 June 2021 12:01 pm