Researchers at Purdue University revealed details about a new vulnerability in the Bluetooth wireless standard that could potentially expose billions of devices to attackers. The new vulnerability has been named Bluetooth Low Energy Spoofing Attack or BLESA for short.
The vulnerability is a risk because of its relation to the reconnection process in the BLE software stack.
The process described is one where two Bluetooth devices that have been previously paired and check each other’s cryptographic keys to reconnect again. As the research indicates, the verification of the keys may not be compulsory.
A security problem in select places
The authentication is set as optional by the software, in case of reconnection. That is where the exploit emerges. Authentication is not foolproof as it can be hacked if a BLE device fails to enforce the authentication of the cryptographic keys on the other device during reconnection.
The vulnerability is not present in all BLE iterations, with versions used in Windows appearing to be immune. Versions vulnerable include the Linux version of BLE named BlueZ, which is used for the ‘Internet of Things’ devices, Android, Flouride, and the iOS BLE stack.
Apple said that they had fixed the vulnerability in iOS and iPadOS 13.4. However, Android BLE is still exposed.
Potentially dangerous implications
The vulnerability could be extensive, given that Android devices exist in the billions. The range of attacks can range in severity, depending on what kind of information potential victims of attacks may be sending through Bluetooth.
Unfortunately, like other previous Bluetooth bugs, sysadmins now have to deal with the nightmare of trying to patch all the devices affected and only when a patch is available.