Do you have a smartphone, tablet, laptop or a “smart” device in your home? Or perhaps the better question is, how many of those devices do you have?
Whatever your number is, be aware that researchers have unearthed a potentially devastating Bluetooth flaw that leaves billions of devices all over the planet vulnerable.
The recently discovered vulnerability has been dubbed ‘BLESA’, which stands for Bluetooth Low Energy Spoofing Attack, and it impacts any device that runs the Bluetooth Low Energy protocol. BLE is a slimmed-down version of the original Bluetooth Classic standard protocol, and was developed mostly to conserve battery power while maintaining Bluetooth connections over long periods of time.
The fact that the lightweight protocol is so power friendly has caused it to spread like wildfire around the globe, and these days, you can find BLE protocol in just about everything.
That’s great, but it also comes at a cost. Any flaws found in such a widely used protocol are nightmares, both in terms of the aggregate risk they represent and in terms of trying to find a workable mitigation and remediation strategy. Unfortunately, that’s where we are now. At issue is the reconnection process that devices utilizing the BLE protocol go through. Reconnections occur any time a Bluetooth device moves out of range and then moves back into range later on.
What’s supposed to happen in those instances is that the two devices check each other’s cryptographic keys, which were negotiated during the initial pairing process. The reality is that the authentication step during reconnection is optional, rather than mandatory. It can be circumvented if the user’s device fails to require the IoT device to authenticate the data it sends.
This makes it possible for a nearby attacker to bypass reconnection verification and send spoofed data to a device using the BLE protocol. Spoofed (erroneous) data leads to erroneous decisions, and that can lead to big problems.
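To make the reconnection weakness concrete, here is an added, deliberately simplified model (not the researchers’ code and not a real BLE stack): a central device bonded to one peripheral, shown in its vulnerable form, where it treats authentication as optional and trusts the peer address alone, and in its hardened form, where it refuses attribute data until the link is protected with the key from the original pairing. The key, address, payloads and the HMAC stand-in for the link-layer MIC are all constructed for the example.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src_addr: str            # connection address claimed by the sender
    payload: bytes           # attribute data (e.g. a sensor reading)
    mic: Optional[bytes]     # stand-in for the link-layer MIC; None = plaintext link


def make_mic(ltk: bytes, payload: bytes) -> bytes:
    # Stand-in for encryption/integrity under the long-term key (LTK):
    # only a holder of the LTK agreed at pairing can produce a valid tag.
    return hmac.new(ltk, payload, hashlib.sha256).digest()[:4]


class Central:
    """Model of a phone/laptop bonded to a single BLE peripheral."""

    def __init__(self, peer_addr: str, ltk: bytes, enforce_auth: bool):
        self.peer_addr = peer_addr
        self.ltk = ltk
        self.enforce_auth = enforce_auth

    def accept(self, pkt: Packet) -> bool:
        """Decide whether data received after a reconnection is trusted."""
        if pkt.src_addr != self.peer_addr:
            return False          # unknown address: ignored in both variants
        if pkt.mic is None:
            # Plaintext data after reconnect. The vulnerable central trusts the
            # address alone; the hardened one demands the encrypted link first.
            return not self.enforce_auth
        return hmac.compare_digest(pkt.mic, make_mic(self.ltk, pkt.payload))


def reconnection_outcomes() -> dict:
    ltk = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed key
    addr = "aa:bb:cc:dd:ee:ff"                                 # constructed address
    genuine = Packet(addr, b"temp=21.5", make_mic(ltk, b"temp=21.5"))
    spoof_plain = Packet(addr, b"temp=99.0", None)             # spoofer lacks the LTK
    spoof_forged = Packet(addr, b"temp=99.0", b"\x00\x00\x00\x00")
    results = {}
    for name, central in (("vulnerable", Central(addr, ltk, False)),
                          ("hardened", Central(addr, ltk, True))):
        results[name] = {"genuine": central.accept(genuine),
                         "spoof_plain": central.accept(spoof_plain),
                         "spoof_forged": central.accept(spoof_forged)}
    return results
```

Only the vulnerable central accepts the plaintext spoof; both reject a forged tag, and both accept the genuine, key-protected reading.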
There’s no good fix for this because there are billions of potentially impacted devices. Many IoT manufacturers don’t bother with security at all, so they’re incredibly unlikely to push a fix for the issue to the devices they make, even if one were given to them.
To be clear, this type of attack hasn’t been seen in the wild yet. However, given how many vulnerable devices there are, and how unlikely the problem is to be fixed in the current generation of machines, it’s just a matter of time. Stay vigilant. It’s your only defense in this case.