Bluetooth BIAS attack: a new way to hack into any laptop, smartphone or IoT device supporting Bluetooth


Millions of Smartphones, laptops, and IoT devices vulnerable to new BIAS Bluetooth attack

During the current pandemic, cyberattackers have taken advantage of the lockdown to breach the data of large companies and sell it. Researchers have now discovered a new vulnerability in the Bluetooth wireless protocol, which is used to interconnect devices and share data. Hackers have many ways to attack your systems and steal the data on them, but have you ever considered that they could use a Bluetooth attack to break into your system and steal data?

Hackers are using this new vulnerability, named BIAS (Bluetooth Impersonation AttackS). It affects the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate (BR/EDR). The BIAS attack works against Bluetooth devices and firmware from Apple, Broadcom, Cypress, Intel, Samsung, and others, putting millions of smartphones, laptops, and Internet of Things devices at risk.

What is the BIAS attack?

The Bluetooth flaw lies in the authentication of the link key, the key a device obtains when it pairs with another. This key is generated when two Bluetooth devices pair (bond) for the first time: they agree on a long-term key, from which they derive session keys for future connections, so that device owners do not have to repeat the long-winded pairing process every time the devices need to communicate.

An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. The BIAS attack could be combined with the Key Negotiation of Bluetooth (KNOB) attack to impersonate a Bluetooth device, complete authentication without possessing the link key, negotiate a session key with low entropy, establish a secure connection, and brute force the session key.

Researchers from CERT said

Once the BIAS attack defeats the key-based authentication and succeeds, the attacker gains complete access to the paired Bluetooth Classic device.

What is KNOB?

The Bluetooth specification includes an encryption key negotiation protocol that allows encryption keys with as little as 1 byte of entropy to be negotiated, without protecting the integrity of the negotiation process. A remote attacker can manipulate the entropy negotiation so that any standard-compliant Bluetooth device negotiates encryption keys with 1 byte of entropy, and then brute-force those low-entropy keys in real time.

The KNOB (Key Negotiation of Bluetooth) attack is a vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker is able to listen to, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired.
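To make the key size negotiation described above concrete, here is an added, simplified Python model (constructed for this article, not the Bluetooth stack's code and not from the BIAS or KNOB researchers) of the BR/EDR LMP key size exchange, the attacker rewriting the proposal down to 1 byte, and the host-side minimum key size check that refuses such a link; `Device`, `negotiate` and the sample device names are assumptions, and the 7-octet minimum is the value the Bluetooth SIG recommended after KNOB.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed, simplified model of the BR/EDR encryption key size negotiation
# (LMP_encryption_key_size_req / LMP_accepted / LMP_not_accepted). The spec
# allows 1..16 octets of key entropy and, by default, a minimum of only 1.
KEY_SIZE_MAX = 16


@dataclass
class Device:
    name: str
    max_key_bytes: int = KEY_SIZE_MAX
    min_key_bytes: int = 1  # spec-permitted default that KNOB abuses

    def respond(self, proposed: int) -> Tuple[str, int]:
        """Answer a proposed key size: reject below our minimum, accept if we
        support it, otherwise counter-propose the largest size we do support."""
        if proposed < self.min_key_bytes:
            return "LMP_not_accepted", proposed
        if proposed <= self.max_key_bytes:
            return "LMP_accepted", proposed
        return "LMP_encryption_key_size_req", self.max_key_bytes


def negotiate(initiator: Device, responder: Device,
              mitm_forced_size: Optional[int] = None) -> Optional[int]:
    """Return the agreed key size in bytes, or None if the link is refused.
    The negotiation carries no integrity protection, so mitm_forced_size
    models an attacker rewriting the initiator's first proposal in transit."""
    proposed = initiator.max_key_bytes if mitm_forced_size is None else mitm_forced_size
    while True:
        msg, size = responder.respond(proposed)
        if msg == "LMP_not_accepted":
            return None
        if msg == "LMP_accepted":
            # Host-side mitigation: refuse to enable encryption below our own minimum.
            return size if size >= initiator.min_key_bytes else None
        proposed = size  # counter-proposal; next round of the downward negotiation


def brute_force_candidates(key_bytes: int) -> int:
    """Number of keys an attacker must try for a key with key_bytes of entropy."""
    return 2 ** (8 * key_bytes)


if __name__ == "__main__":
    laptop, headset = Device("laptop"), Device("headset")
    print("normal:", negotiate(laptop, headset))                          # 16
    print("KNOB, default minimum:", negotiate(laptop, headset, 1))        # 1
    patched = Device("patched laptop", min_key_bytes=7)
    print("KNOB, 7-byte minimum:", negotiate(patched, headset, 1))        # None
    print("candidates for a 1-byte key:", brute_force_candidates(1))      # 256
```

A device that enforces the 7-byte minimum protects its own links even when its peer still runs with the spec default.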

Which devices are vulnerable?

The KNOB attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.

the researchers said.

Additional details about the BIAS attack are available on the vulnerability’s official website, in a research paper titled “BIAS: Bluetooth Impersonation AttackS” [PDF], or the video presentation below.

Bluetooth device makers are expected to roll out firmware updates in the coming months to fix the issue.

