What is your take on the topic ‘this Bluetooth spoofing bug affects billions of IoT devices’? A flaw named BLESA (Bluetooth Low Energy Spoofing Attack) has been reported in the reconnection process that runs whenever a previously paired device comes back into range after its connection has dropped. Academic researchers found a Bluetooth Low Energy (BLE) vulnerability that allows spoofing attacks, and their report shows how such attacks can change what both machines and people do with the data a device delivers. In the long run, the research warns, these attacks could have a severe impact on billions of IoT (internet of things) devices.
This Bluetooth Spoofing Bug Affects Billions Of IoT Devices
The spoofing attacks arise from authentication weaknesses in the reconnection process between two devices, an area that security reviews often overlook. A reconnection happens whenever one of two previously connected devices moves out of range and later comes back; in IoT environments this is a routine event rather than an exception.
When a BLESA attack succeeds, it lets an attacker's device pose as the server the client was previously paired with, accept the client's reconnection, and send it spoofed data. Those spoofed packets can convince a machine to perform a different task or deviate from its original command; for human users, the attacker can make a device display deceptive information.
The impact of these malicious packets is significant because of how widely BLE is used: its energy efficiency and simplicity have put it in billions of devices for pairing and connecting. To keep the experience seamless, BLE requires no or only limited user interaction to establish a connection between two devices, and that simplicity is, unfortunately, the root cause of most of its security issues. Once an impostor identifies the server to which a BLE-enabled device connects, it first connects to that server itself, as any client can, to learn the attributes it exposes.
More On How Devices Are Affected By The Bluetooth Spoofing Bug
The design of the BLE protocol plays a large part here. BLE lets any device connect to another BLE device to fetch the information it needs, and its advertising packets are always transmitted in plaintext. With that, an attacker can impersonate the benign server by cloning its MAC address and broadcasting the same advertising packets.
Advertising is the next phase of the attack. The attacker's device starts broadcasting the spoofed advertising packets so that, whenever the client tries to start a new session with the previously paired server, it receives the spoofed advertisements instead. At that point, the researchers note, the adversary is ready to launch BLESA against the client.
The paper concludes by outlining two weaknesses that make BLESA possible. The first is that authentication during the reconnection process is optional in the specification rather than mandatory, so the server and client may disable authentication for a specific attribute. When authentication is disabled for an attribute, the researchers add, the integrity, confidentiality, and authenticity of the attribute-access request and response can all be violated.
The second is that the specification provides two different authentication procedures for a client reconnecting to a server after pairing. When a client uses the procedure that sends its first request before the link is encrypted, an impostor server can simply answer that request, so the authentication is circumvented. The researchers warn that attackers can use BLESA against BLE implementations on Android, Linux, and iOS. The vulnerable stacks were BlueZ on Linux-based IoT devices, Fluoride on Android, and the iOS BLE stack; Windows BLE implementations are unaffected.
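To make the advertising-clone step and the two weaknesses concrete, here is a small model written for this article (it is not the researchers' code and not a BLE stack): a client that reconnects to a remembered MAC address, a benign server that refuses attribute reads until the link is encrypted, and an impostor that cloned the plaintext advertisement but holds no long-term key (LTK). Link encryption is reduced to a proof of key possession (an HMAC over a nonce), and the class and function names (Server, Spoofer, Client, run_scenario) are this example's own. The "reactive" path reads first and encrypts only if the server objects; the "proactive" path encrypts before reading.

```python
"""Toy model of a BLE reconnection and the BLESA spoof.

Constructed example, not a BLE stack and not code from the BLESA paper. It keeps
just enough state to show the facts the article relies on: advertisements are
plaintext, an impostor can clone MAC and advertisement, and a client that reads
attributes before the link is encrypted (the "reactive" reconnection procedure)
accepts whatever the impostor answers. Link encryption is modelled as a proof of
LTK possession (an HMAC over a client nonce). Server, Spoofer, Client and
run_scenario are names invented for this example.
"""
import hashlib
import hmac
import os

INSUFFICIENT_AUTH = "ERR_INSUFFICIENT_AUTHENTICATION"  # stand-in for the GATT error
BATTERY_LEVEL = 0x2A19  # the characteristic read in this example


class Server:
    """Benign peripheral that shares a long-term key (LTK) with the client."""

    def __init__(self, mac, adv, ltk, attrs):
        self.mac, self.adv, self.ltk, self.attrs = mac, adv, ltk, attrs

    def advertise(self):
        # Advertising PDUs are not encrypted: anyone in range sees MAC + payload.
        return self.mac, self.adv

    def prove_ltk(self, nonce):
        # Stands in for link-layer encryption start: only an LTK holder can answer.
        return hmac.new(self.ltk, nonce, hashlib.sha256).digest()

    def read(self, uuid, encrypted):
        # The attribute requires an encrypted link; the honest server enforces it.
        if not encrypted:
            return INSUFFICIENT_AUTH
        return self.attrs[uuid]


class Spoofer:
    """Impostor that cloned the sniffed MAC and advertisement but has no LTK."""

    def __init__(self, sniffed_mac, sniffed_adv, fake_attrs):
        self.mac, self.adv, self.fake_attrs = sniffed_mac, sniffed_adv, fake_attrs

    def advertise(self):
        return self.mac, self.adv

    def prove_ltk(self, nonce):
        return os.urandom(32)  # cannot produce a valid proof without the LTK

    def read(self, uuid, encrypted):
        # Never answers INSUFFICIENT_AUTH: it just returns the spoofed value.
        return self.fake_attrs[uuid]


class Client:
    """Central that bonded earlier and now reconnects to the remembered MAC."""

    def __init__(self, bonded_mac, ltk):
        self.bonded_mac, self.ltk = bonded_mac, ltk

    def _link_encrypted(self, peer):
        nonce = os.urandom(16)
        expected = hmac.new(self.ltk, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, peer.prove_ltk(nonce))

    def reconnect(self, advertisers, uuid, proactive):
        # Peers are matched on the plaintext advertisement alone, so a clone is
        # indistinguishable from the bonded device at this point.
        for peer in advertisers:
            if peer.advertise()[0] != self.bonded_mac:
                continue
            if proactive:
                # Hardened: encrypt first, read second; drop peers that fail.
                if self._link_encrypted(peer):
                    return peer.read(uuid, encrypted=True)
                continue
            # Reactive (vulnerable): read in the clear and only encrypt if the
            # server objects. An impostor never objects.
            value = peer.read(uuid, encrypted=False)
            if value != INSUFFICIENT_AUTH:
                return value
            if self._link_encrypted(peer):
                return peer.read(uuid, encrypted=True)
        return None


def run_scenario(proactive, attacker_present):
    """Return the battery value the client ends up trusting (constructed data)."""
    ltk = os.urandom(16)
    server = Server("AA:BB:CC:DD:EE:01", b"\x02\x01\x06", ltk, {BATTERY_LEVEL: b"\x64"})
    mac, adv = server.advertise()                        # sniffed in the clear
    client = Client(mac, ltk)
    spoofer = Spoofer(mac, adv, {BATTERY_LEVEL: b"\x01"})
    # The impostor advertises aggressively and is heard first (listed first).
    advertisers = [spoofer, server] if attacker_present else [server]
    return client.reconnect(advertisers, BATTERY_LEVEL, proactive)


if __name__ == "__main__":
    print("honest server, reactive :", run_scenario(False, False))  # b'd' (0x64, real)
    print("impostor,      reactive :", run_scenario(False, True))   # b'\x01' (spoofed)
    print("impostor,      proactive:", run_scenario(True, True))    # b'd' (real server)
```

The reactive reconnection works perfectly against the honest server, which is why the weakness is easy to miss: the error-then-encrypt dance only protects the client if the peer is the one sending the error. Against the impostor the same client trusts the spoofed value, while the proactive client discards the impostor because it cannot complete encryption and ends up at the real server. In the terms of this model, the "proper BLE reconnection procedures" the article mentions amount to the client insisting on the proactive path.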
Apple, Google, and the BlueZ team were contacted about the vulnerabilities. Apple assigned CVE-2020-9770 to the flaw and fixed it in June. For Android, however, the researchers cautioned that the device they tested was still vulnerable. The BlueZ development team said it would replace the code that exposes its devices to BLESA with new code that uses the proper BLE reconnection procedures and is not open to the attack.