According to a study by researchers at the École Polytechnique Fédérale de Lausanne (EPFL), titled BIAS: Bluetooth Impersonation AttackS, the Bluetooth standard contains vulnerabilities that allow a malicious party to impersonate ("fake") a device and so establish a secure connection.
Bluetooth BIAS Attack
For the attack to succeed, the attacking device must be within range of a vulnerable Bluetooth device that has previously established a BR/EDR connection with a remote device whose Bluetooth address is known to the attacker.
The research published by EPFL cites two methods of attack. The intruder poses as a previously paired remote device, but one without support for Secure Connections, in order to downgrade authentication security.
This allows the intruder to gain access to the device using the BIAS method, unless the device under attack is operating exclusively in Secure Connections mode.
If the attack is successful, the intruder can complete authentication with the remote device. If the device under attack does not in turn authenticate the intruder's device, the result is still an authentication-complete notification, even though the link key is not shared.
As a result, the intruder completes secure connection establishment while impersonating a Bluetooth device, without needing to know or prove possession of the long-term key shared between the victims.
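The behaviour described above can be modelled in a few lines. This is an added illustration, not code from the EPFL paper or the Bluetooth SIG; the `Device` class, the `authenticate` and `demo` functions, and the use of HMAC-SHA256 in place of Bluetooth's own authentication function are assumptions made for the sketch. It shows why a device that does not authenticate its peer in return reports success to a peer that never held the link key, and how requiring mutual authentication closes that gap.

```python
import hashlib
import hmac
import os


def response(link_key: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for Bluetooth's legacy authentication function.
    return hmac.new(link_key, challenge, hashlib.sha256).digest()


class Device:
    def __init__(self, link_key, require_mutual):
        self.link_key = link_key          # None models a peer that never held the key
        self.require_mutual = require_mutual

    def answer(self, challenge: bytes) -> bytes:
        if self.link_key is None:
            return os.urandom(32)         # without the key, the peer can only guess
        return response(self.link_key, challenge)

    def verify_peer(self, peer) -> bool:
        challenge = os.urandom(16)
        expected = response(self.link_key, challenge)
        return hmac.compare_digest(expected, peer.answer(challenge))


def authenticate(initiator: Device, responder: Device) -> bool:
    """Return True if the responder ends up reporting 'authentication complete'."""
    # Step 1: the initiator challenges the responder. Only the initiator checks
    # this answer; a peer without the key simply skips the check.
    if initiator.link_key is not None and not initiator.verify_peer(responder):
        return False
    # Step 2: runs only when the responder insists on authenticating in return.
    if responder.require_mutual:
        return responder.verify_peer(initiator)
    return True


def demo() -> dict:
    key = os.urandom(16)                  # constructed link key shared by the real pair
    impostor = Device(None, require_mutual=False)
    return {
        "one_way": authenticate(impostor, Device(key, require_mutual=False)),
        "mutual": authenticate(impostor, Device(key, require_mutual=True)),
        "legitimate": authenticate(Device(key, True), Device(key, True)),
    }


if __name__ == "__main__":
    print(demo())
```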
How will you protect yourself?
To fix the vulnerability, the Bluetooth SIG will release an update to the Bluetooth Core Specification.
The update will arrive with a future revision of the specification. Until then, the Bluetooth SIG recommends not allowing the encryption key length to be reduced below 7 bytes.