Tuesday, October 27, 18:45

Bluetooth reconnection error leads to spoofing attacks!

A team of researchers from the Training and Research Center for Information Security and Safety (CERIAS) at Purdue University recently discovered an error that affects many IoT devices that use Bluetooth and can even lead to spoofing attacks. Bluetooth Low Energy (BLE) is the most widely used low-power communication protocol for mobile and IoT devices. Consulting firm ABI estimates that sales of low-power Bluetooth (BLE) devices will triple by 2023, to more than 1.5 billion annual sales.

BLE devices rely on pairing, a critical process, to build "trust" between two devices the first time they are connected. After pairing, reconnections between BLE devices are often transparent to the user.

The error lies in the reconnection procedures for already paired BLE devices, and reconnections occur often in typical usage scenarios, according to Jianliang Wu, a PhD student at PurSec Lab at Purdue University and one of the project's lead researchers.

Bluetooth error

Bluetooth devices often move out of range and later return, restoring the connection with devices they had already been paired with. All of this happens without notifying the user. The research focuses on this reconnection process. To look for possible errors, the researchers first analyzed the reconnection process theoretically, carrying out formal verification of the connection procedures proposed in the latest BLE specification.

The investigation revealed two critical BLE design weaknesses:

  • For some BLE devices, authentication when reconnecting the device is optional and not mandatory.
  • For other BLE devices, authentication may be bypassed if the user's device fails to force the IoT device to authenticate the transferred data.

After discovering design flaws in the BLE specification, the researchers analyzed key BLE stack implementations, including the BLE protocol stacks on Linux, Android, iOS and Windows, to see if the devices were vulnerable to security errors. Three of the devices tested were likely to be vulnerable, as they failed to ensure that the connected IoT device authenticated its data, and they accepted unauthorized data.
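The difference between a client stack that leaves reconnection authentication to the peer and one that enforces it can be shown with a small model. This is an added example, not code from the researchers or from any BLE stack; the class names, the HMAC challenge-response standing in for BLE link encryption, and the sample address, key and readings are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Simplified model: HMAC challenge-response stands in for BLE link encryption
# with the long-term key (LTK) that pairing stored on both sides.
class Peripheral:
    def __init__(self, address, ltk, value):
        self.address, self.ltk, self.value = address, ltk, value

    def prove_key(self, challenge):
        if self.ltk is None:  # no pairing key, no valid proof
            return None
        return hmac.new(self.ltk, challenge, hashlib.sha256).digest()

class Client:
    def __init__(self, enforce_auth):
        self.enforce_auth = enforce_auth
        self.bonds = {}  # address -> LTK saved at pairing

    def pair(self, peripheral):
        self.bonds[peripheral.address] = peripheral.ltk

    def link_authenticated(self, peripheral):
        ltk = self.bonds.get(peripheral.address)
        challenge = os.urandom(16)
        proof = peripheral.prove_key(challenge)
        if ltk is None or proof is None:
            return False
        expected = hmac.new(ltk, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)

    def reconnect_and_read(self, peripheral):
        # Strict policy: a bonded address must prove the key before data is accepted.
        if self.enforce_auth and not self.link_authenticated(peripheral):
            raise PermissionError("bonded device failed authentication")
        return peripheral.value

def read_after_reconnect(enforce_auth, bonded, peer):
    """Pair with `bonded`, then reconnect to `peer` and read its value."""
    client = Client(enforce_auth)
    client.pair(bonded)
    try:
        return client.reconnect_and_read(peer)
    except PermissionError:
        return "rejected"

LTK = bytes(range(16))  # constructed sample key
GENUINE = Peripheral("AA:BB:CC:00:00:01", LTK, "glucose=5.4")    # constructed
SPOOFED = Peripheral("AA:BB:CC:00:00:01", None, "glucose=19.9")  # constructed
```

With `enforce_auth=False` the client accepts the reading from the peer that never proved the key; with `enforce_auth=True` the same peer is rejected while the genuine device still reads normally.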

The researchers said that this error has a wide impact on major platforms that support BLE communications, including Linux, Android and iOS. They added that, according to a recent study, more than 1 billion BLE devices do not use application-level security, which could provide a second line of defense. In addition, at least 8,000 Android BLE applications with approximately 2.5 billion installations read data from BLE devices in plaintext. Similar numbers may apply to iOS applications. The researchers concluded that this error could affect more than 1 billion BLE devices and more than 15,000 BLE applications. The researchers also reported the results of their research to Google and Apple, who confirmed the error. The results of the research will be officially presented at the 14th USENIX Workshop on Offensive Technologies (WOOT 2020) to be held in August.


The researchers also said that intruders could carry out spoofing attacks: impersonate the IoT device, forge malicious data that corresponds to it, and send the fake data to the user's device. In particular, the design flaws and errors allow attackers to bypass authentication on BLE reconnections, which can lead to spoofing attacks on the user's devices. In addition, intruders can easily falsify all IoT device data that is not protected by application-level authentication.

This could have many consequences, according to the researchers. For example, malicious keystrokes could be injected into a smartphone or desktop when it reconnects to a BLE keyboard. In addition, a fake glucose level value can be injected into the smartphone while the user reads data from a BLE monitor that displays glucose levels. The user can receive fake fitness data when reconnecting to a fitness tracker.

To avoid potential spoofing attacks, both the BLE specification and current BLE stack implementations on Linux, Android, and iOS need to be updated to secure the reconnection process. Finally, users need to install the latest firmware version to apply the required security patches and fix bugs. It is worth mentioning that Apple has already fixed the problem in iOS 13.4 and iPadOS 13.4.

