The new BLESA Bluetooth security flaw can keep billions of devices vulnerable

Billions of smartphones, tablets, laptops, and IoT devices are now using Bluetooth software stacks that are potentially susceptible to a new security flaw. Titled as BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability was identified in the summers and said to impact devices running the Bluetooth Low Energy (BLE) protocol.

For those who are not aware, the BLE is a compact version of the traditional Bluetooth that is designed to conserve battery power without compromising on the connections. The latest Bluetooth protocol is integrated into many devices for the same reason.

However, the broad adoption of BLE has alerted the security researchers and academics who are constantly highlighting the security flaws present in the system. Just recently, a research project went underway at the Purdue University where a team of seven investigated the ‘reconnection’ process of BLE.

According to the research, the Bluetooth process takes place after two BLE devices – the client and the server have authentication to pair with each other’s devices. But the ‘reconnections’ occur when either one of the Bluetooth device moves out of the range and then moves back into the range again.

Generally, when this happens, the two BLE devices should recheck the cryptographic keys negotiated during the pairing process before reconnecting and continuing to exchange data. But the researching team said that the BLE specification didn’t contain enough language to describe the reconnection process.

As a result, the Purdue Research team concluded two systemic issues that are present in the BLE software. This includes:

· The authentication when reconnecting is optional instead of mandatory.

· The authentication can potentially be avoided if the user’s device fails to implement the IoT device to authenticate the communication.

As per the researching team, the two issues make the devices more susceptible to a BLESA attack as any attacker can bypass the reconnection verifications and send out vulnerable content.

However, Purdue researchers say that the issue has not yet made into all BLE-operated devices. The team analyzed multiple software stacks that use BLE communications and found that BlueZ (Linux-based IoT devices), Fluoride for Android and the iOS BLE stack were all vulnerable to these attacks. On the other hand, the BLE stack in Windows devices was found to be resistant to the BLESA attacks.

In June 2020, Apple has fixed the vulnerability in its devices with a CVE-2020-9770, the researchers said in the paper they published last month. However, Android BLE devices remain vulnerable as of this writing.

The BlueZ development team is also said to be working on proper codes for their set of Linux-based IoT devices, running on BLE protocol.

Unfortunately, patching all the previously sold devices may not be possible as many don’t come with a built-in update mechanism. This simply means that some devices will remain unpatched permanently. Moreover, researchers estimate that the number of devices using the vulnerable version of BLE software stacks are in billions – and without a patch, they may continue to remain in danger.




Featured Photo: Getty Images

Read next: Facebook has reportedly patched the bugs responsible for letting non-members check the members in a private group
Previous Post Next Post