Bluetooth, new vulnerability puts millions of PCs and smartphones at risk

Some computer scientists have discovered a vulnerability in Bluetooth found on millions of smartphones and PCs. Here are the dangers for users

All PCs and smartphones with Bluetooth chips made by Qualcomm, Apple, Broadcom, Cypress, Intel, Samsung and probably others are vulnerable and could easily be attacked by hackers. That's tens of millions of devices around the world.

The vulnerability has been dubbed BIAS (Bluetooth Impersonation AttackS) and affects the classic version of the Bluetooth protocol, also known as Basic Rate/Enhanced Data Rate, Bluetooth BR/EDR, or simply Bluetooth Classic. By exploiting this vulnerability a hacker who is close enough to a device with a vulnerable Bluetooth connection could easily succeed in taking complete control of the other device. BIAS was discovered by a team of researchers from the Swiss Federal Research Institute in Lausanne, Switzerland, the Helmholtz Center in Germany, and the University of Oxford in the UK.

Bluetooth: How the BIAS Vulnerability Works

The BIAS security flaw lies in the way Bluetooth Classic devices handle the connection key, also known as the long-term key. This key is generated when two Bluetooth devices pair for the first time: they agree on a long-term key, which they use to derive session keys for future connections without having to force device owners to re-pair each time the devices need to communicate.

Researchers have found a bug in this authentication process that can allow a malicious user to forge the identity of a previously paired device. This allows one of the devices to be paired with a third device that is unknown, but pretends to be the second (previously paired) device. Once a BIAS attack is successful, the malicious user can then take control of another Classic Bluetooth device.

BIAS vulnerability: the affected devices

The research team has successfully tested the attack on a wide range of devices, including smartphones (iPhone, Samsung, Google, Nokia, LG, Motorola), tablets (iPad), laptops (MacBook, HP Lenovo), headsets (Philips, Sennheiser) and system-on-chip boards (Raspberry Pi, Cypress). It is very likely, however, that since this is a vulnerability inherent in the Bluetooth Classic protocol itself, devices with chips from other manufacturers may also suffer.

Patch coming soon

The researchers, before making this vulnerability known, communicated it (in December 2019) to the Bluetooth Special Interest Group (Bluetooth SIG), the standards organization that oversees the development of Bluetooth standards. The SIG reported a few hours ago that they have updated the Bluetooth Core specification to prevent hackers from exploiting the BIAS flaw. Bluetooth device manufacturers are expected to implement firmware updates in the coming months to address the issue. The status and availability of these updates are currently unclear, even to the research team.