Some smartphones, laptops, IoT devices are
vulnerable to short-range attacks via Bluetooth. Vulnerability impacts the
classic version of the Bluetooth protocol (Bluetooth BR/ERD) in Apple, Intel, Samsung,
Nokia, LG devices. Not only smartphones can be attacked but also laptops,
tablets, headsets etc.
Called Bluetooth Impersonation Attacks (BIAS),
the attack allows send and request data. It can be performed using any lo-cost
equipment, even Raspberry Pi.
Attackers pretend to be a trusted device and
support only unilateral authentication. Victim’s device agrees to pair with
attacker’s device. Then, due to the bug found in the post-bonding
authentication process, device accepts another request from attacker sent to take
over control of the authentication process.
At this time vendors of Bluetooth devices
expect to fix the issue. If you are worried to be attacked, try to keep your
Bluetooth off when not using it.
No comments:
Post a Comment