The “complete collapse of Bluetooth security”

One day, we will have good security, but that day is not today.

So I’m behind on security. Bluetooth pairing flaw exposes devices to BIAS attacks.

Bluetooth-enabled devices including smartphones, laptops, tablets and Internet of Things (IoT) devices are vulnerable to attack due to fundamental flaws in the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) configuration.

It is a specification-level vulnerability. That means EVERY Bluetooth device is vulnerable. Some will eventually be patched; many will not. The updated specification will be available “in the future.” (That’s the best info we have.)

But how often does the software in your car’s entertainment system get updated? Are there low-energy Bluetooth devices sprinkled around that won’t get updated? Of course there are.

The title of the post comes from the Show Notes for Security Now, episode 768. The notes are at this link. The video can be found at this link. The relevant part of the video starts at about 1 hour, 4 minutes and a couple of seconds in. The quote of the day…

Our attacks are “standards compliant.”

Bluetooth is in literally billions of devices.

From the researchers…

To confirm that the BIAS attacks are practical, we successfully conducted them against 31 Bluetooth devices (incorporating 28 unique Bluetooth chips) from major hardware and software vendors, implementing all the major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR.

Every Bluetooth front door lock is currently vulnerable. Many will probably remain vulnerable for all time.

Bluetooth Is Not Secure

More observations on Bluetooth security from Steve Gibson. Via the Show Notes from Security Now, episode 728. Security Now! #728 – 08-20-19

Our longtime listeners will recall that I have several times observed that there is a large though brief period of inherent vulnerability during Bluetooth pairing. You have two unauthenticated devices hoping to perform a secure negotiation. It’s simply not possible to do that securely without some covert out-of-band channel. It’s just not.

There is a constant push today for everything to be easy. Easy is not secure.

You can find the video for Security Now at This Week In Tech TV. Security Now 728 – The KNOB is Broken. If you aren’t interested in all of Security Now, the bit on Bluetooth starts at 1 hour and 45 minutes from the start of this week’s episode. Also see my first posting on this vulnerability.

Bluetooth? I’ll Keep My 3.5mm Headphone Jack, Thanks

This isn’t the first exploit to hit Bluetooth, and it probably won’t be the last. New Attack exploiting serious Bluetooth weakness can intercept sensitive data.

Address book syncing between a car and a phone, keystrokes from a keyboard: it isn’t a particular product that is vulnerable, it is the ENTIRE Bluetooth architecture.

KNOB doesn’t require an attacker to have any previously shared secret material or to observe the pairing process of the targeted devices. The exploit is invisible to Bluetooth apps and the operating system they run on, making the attack almost impossible to detect without highly specialized equipment. KNOB also exploits a weakness in the Bluetooth standard itself. That means, in all likelihood, that the vulnerability affects just about every device that’s compliant with the specification. The researchers have simulated the attack on 14 different Bluetooth chips—including those from Broadcom, Apple, and Qualcomm—and found all of them to be vulnerable.

Architectural level problems are the hardest to fix, though several companies have implemented fixes to “mitigate” the issue.