Academics have disclosed today a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices.
The vulnerability, codenamed BIAS (Bluetooth Impersonation AttackS), impacts the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate, Bluetooth BR/EDR, or just Bluetooth Classic. [....]
The research team said they tested the attack against a wide range of devices, including smartphones (iPhone, Samsung, Google, Nokia, LG, Motorola), tablets (iPad), laptops (MacBook, HP Lenovo), headphones (Philips, Sennheiser), and system-on-chip boards (Raspberry Pi, Cypress).
"At the time of writing, we were able to test [Bluetooth] chips from Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All devices that we tested were vulnerable to the BIAS attack," researchers said. "Because this attack affects basically all devices that 'speak Bluetooth,' we performed a responsible disclosure with the Bluetooth Special Interest Group (Bluetooth SIG) - the standards organisation that oversees the development of Bluetooth standards - in December 2019 to ensure that workarounds could be put in place," the team added.
In a press release published today, the Bluetooth SIG said they have updated the Bluetooth Core Specification to prevent BIAS attackers from downgrading the Bluetooth Classic protocol from a "secure" authentication method to a "legacy" authentication mode, where the BIAS attack is successful.
Vendors of Bluetooth devices are expected to roll out firmware updates in the coming months to fix the issue. The status and availability of these updates is currently unclear, even for the research team.