The recently disclosed BIAS Bluetooth attack has revealed a serious flaw in Bluetooth devices and firmware from Apple, Broadcom, Cypress, Intel, Samsung and other vendors. The researchers describe it as a new vulnerability in the Bluetooth wireless protocol, which is widely used to interconnect modern devices such as smartphones, tablets, laptops, and Internet of Things devices. BIAS stands for Bluetooth Impersonation AttackS, and the vulnerability stems from the classic version of the Bluetooth protocol, also known as Basic Rate/Enhanced Data Rate (Bluetooth BR/EDR).
The problem reportedly lies in how devices handle the link key (also known as the long-term key). When two Bluetooth devices are first paired (bonded), they agree on a long-term key so that they do not have to repeat the lengthy pairing process each time they connect.
During the authentication of an already bonded device, however, the researchers found a bug. The vulnerability allows an attacker to authenticate as a previously paired/bonded device without knowing the long-term pairing key that was agreed upon earlier.
Once successful, the attacker can fully access or control the classic Bluetooth device on the other end. Testing found that smartphones, tablets, laptops, headphones, and systems-on-chip such as the Raspberry Pi from major manufacturers were not spared.
BIAS – Bluetooth Impersonation AttackS
Because this form of attack affects virtually all Bluetooth devices, the researchers disclosed it to the Bluetooth SIG, the body that sets the standard, as early as December 2019 in the hope that the vulnerability would be fixed in a timely manner.
The Bluetooth SIG said in a press release today that it has updated the Bluetooth Core Specification to prevent BIAS identity-spoofing attacks that force a downgrade to the classic Bluetooth protocol, and that Bluetooth device manufacturers are expected to ship firmware updates in the coming months.