Sunday, January 24, 16:26

Billions of devices were attacked by Bluetooth BIAS


A new attack called Bluetooth BIAS allows intruders to deceive a previously paired device and pass authentication without having the link key that was established during pairing.

According to a study published by researchers at the École Polytechnique Fédérale de Lausanne (EPFL), titled BIAS: Bluetooth Impersonation AttackS, the Bluetooth standard contains vulnerabilities that let malicious actors impersonate ("fake") a device and thereby establish a secure connection.

Bluetooth BIAS Attack

The BIAS attack is possible because of flaws in the Bluetooth specification itself, so any standard-compliant Bluetooth device is vulnerable.

For the attack to succeed, the attacking device must be within range of a vulnerable Bluetooth device that has previously established a BR/EDR pairing with a remote device whose Bluetooth address is known to the attacker.

The research published by EPFL describes two methods of attack. The intruder needs a remote device that was previously paired but does not support Secure Connections, in order to downgrade authentication security.

This would allow the intruder to gain access to the device using the BIAS method, unless the device under attack operates exclusively with Secure Connections.

If the attack is successful, the intruder can complete the authentication procedure with the remote device. If the device under attack does not authenticate the intruder's device in return, the procedure still ends with an authentication-complete notification, even though the link key is not shared.

As a result, the intruder completes secure connection establishment while impersonating a Bluetooth device, without needing to know or prove possession of the long-term key shared between the victims.
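The following toy model is an added example, not code from the EPFL paper or from the original article. It shows why one-way authentication lets a keyless device in the verifier role reach "authentication complete", and why requiring mutual authentication blocks it. The `Device` class, the addresses and the use of HMAC-SHA256 in place of the real Bluetooth response function are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def response(link_key, challenge, claimant_addr):
    # Stand-in for the Bluetooth challenge-response function (assumption: HMAC-SHA256).
    return hmac.new(link_key, challenge + claimant_addr, hashlib.sha256).digest()

class Device:
    def __init__(self, addr, link_key=None):
        self.addr = addr          # constructed sample address
        self.link_key = link_key  # None models an impostor that never paired

    def answer(self, challenge):
        # Without the link key, an impostor can only guess.
        key = self.link_key if self.link_key is not None else os.urandom(16)
        return response(key, challenge, self.addr)

    def verify(self, peer):
        if self.link_key is None:
            return True  # an impostor acting as verifier accepts any response
        challenge = os.urandom(16)
        expected = response(self.link_key, challenge, peer.addr)
        return hmac.compare_digest(peer.answer(challenge), expected)

def session_established(verifier, prover, mutual):
    """True if the procedure ends with authentication reported complete."""
    if not verifier.verify(prover):
        return False
    return prover.verify(verifier) if mutual else True

def run_demo():
    key = os.urandom(16)                       # long-term key from pairing
    peer_addr = bytes.fromhex("aabbccddeeff")  # constructed
    victim = Device(bytes.fromhex("112233445566"), key)
    peer = Device(peer_addr, key)
    impostor = Device(peer_addr)               # claims the peer's address, has no key
    return {
        "legit_mutual": session_established(peer, victim, mutual=True),
        "impostor_as_prover": session_established(victim, impostor, mutual=False),
        "impostor_as_verifier": session_established(impostor, victim, mutual=False),
        "impostor_mutual": session_established(impostor, victim, mutual=True),
    }

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'authenticated' if ok else 'rejected'}")
```

Only the one-way case in which the keyless device holds the verifier role completes; every path that forces it to answer a challenge is rejected.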

How will you protect yourself?

To fix the vulnerability, the Bluetooth SIG will release an update to the Bluetooth Core Specification.

The update will be available in a future revision of the specification. Until then, however, the Bluetooth SIG recommends reducing the length of the encryption key to less than 7 bytes.

Absent Mia