Your Bluetooth may be exposing your devices to cyber threats
Bluetooth, one of the world’s oldest wireless sharing technologies, could be leaving your devices exposed to cyber attacks, according to a new research paper by researchers from Singapore University.
The research, titled ‘BrakTooth: Causing Havoc on Bluetooth Link Manager’, found that both Android smartphones and Windows machines with Bluetooth are exposed to a new set of vulnerabilities. The flaws are present in several microprocessors used by some of the top technology brands in the world, including Intel, Qualcomm, Texas Instruments, Infineon (Cypress), and Silicon Labs. More specifically, major laptop vendors such as Microsoft, Asus, Dell, and HP use the affected Intel chipset (Intel AX200). The affected Qualcomm chipsets (WCN3990/8), meanwhile, are used by major smartphone and tablet vendors such as Samsung, Sony, and Xiaomi.
To be sure, Bluetooth is a high-speed, low-power wireless technology designed to connect phones and other portable equipment. It is a specification for the use of low-power radio communications to link phones, computers, and other network devices over short distances without wires. Wireless signals transmitted with Bluetooth cover short distances, typically up to 30 feet (10 meters).
The vulnerability found by the research is estimated to affect more than one billion devices that use Bluetooth. The researchers checked a total of 13 chips from 11 vendors and found the potential damage to a device through BrakTooth largely depends on the type of device and the chipset it uses. The vulnerabilities are collectively named ‘BrakTooth’.
According to the research, the vulnerabilities allow an attacker to remotely shut down a Bluetooth-enabled device. For example, certain vulnerabilities allow an attacker to remotely shut down a headset or speaker. This means when a user is listening to audio from a laptop using the headset or speaker, they can experience the audio cut abruptly. The attacks can be launched continuously, which, in turn, can impair the user’s listening experience.
The more serious vulnerabilities allow for arbitrary code execution in an embedded controller. Arbitrary code execution allows an attacker to remotely run code of their choosing on the target device. For example, the attacker can remotely delete all data in the target device’s memory. Apart from affecting most major laptops, smartphones, and tablets, the vulnerabilities also impact a range of other products such as industrial automation, automotive infotainment systems, aircraft entertainment systems, speakers, and headsets.
This is not the first time that research has found serious vulnerabilities in Bluetooth. Earlier in the year, researchers at ANSSI, France’s national cybersecurity agency, said they had uncovered similar flaws in Bluetooth pairing and protocols. Their paper, titled ‘BlueMirror: Reflections on the Bluetooth Pairing and Provision Protocols’, uncovered a total of six flaws.
According to ANSSI in the paper, an attacker within the wireless range of the vulnerable Bluetooth devices could use a specially crafted device to exploit the vulnerabilities. Depending on the vulnerabilities exploited, a successful attack could lead to an impersonation attack, AuthValue disclosure, or man-in-the-middle attack.
A Bluetooth Impersonation Attack (BIAS) allows a cyber criminal to establish a secure connection with a victim without having to know and authenticate the long-term key shared between the victims, thus effectively bypassing Bluetooth’s authentication mechanism.
“To confirm that the BIAS attacks are practical we successfully conduct them against 31 Bluetooth devices (28 unique Bluetooth chips) from major hardware and software vendors, implementing all the major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR,” the researchers at ANSSI said.
In 2020, a team of researchers at Purdue University, US, found that an attacker using what it calls a Bluetooth Low Energy Spoofing Attack could send spoofed data to a vulnerable device, causing various shenanigans. The attack focuses on the Bluetooth protocol’s reconnection process rather than on the more common pairing vulnerabilities. The team said that an Android device connected to many internet of things (IoT) devices is susceptible.
Why is Bluetooth difficult to protect? The answer is in the complex protocol.
“When you look at the Bluetooth standard, it’s like 3,000 pages long – if you compare that to other wireless protocols like WiFi, for example, Bluetooth is like 10 times longer,” Ben Seri, vice president of research at embedded device security firm Armis, said in an interview with Wired. “The Bluetooth SIG tried to do something very comprehensive that fits many various needs, but the complexity means it’s really hard to know how you should use it if you’re a manufacturer.”
Bluetooth is not a single protocol but is made up of different protocols, seven to be exact. Each of these protocols works at a different part of Bluetooth, and together they complete the Bluetooth configuration.
Bluetooth Low Energy (BLE) is a condensed version of the protocol for devices that have limited computing and power resources. Both Bluetooth and BLE open up a channel for two devices to communicate – an extremely useful arrangement, but one that also opens the door to dangerous interactions. Without strong cryptographic authentication checks, malicious third parties can use Bluetooth and BLE to connect to a device they shouldn’t have access to, or trick targets into thinking their rogue device is a trusted one.
Experts say the best way to protect yourself from an attack through your Bluetooth is simply to switch it off when it is not in use.