A New Flaw Could Open Devices, Including iPhones, To A Bluetooth-Based Attack
A number of iPhones, iPads, Macs, and non-Apple devices are vulnerable to an attack via Bluetooth that could allow attacking devices to appear as if they are already trusted. That, in turn, would allow them to connect illegitimately to the affected phones, tablets, and other tech.
The security flaw has been found in Bluetooth chips produced by Intel, Qualcomm, and Samsung, so this is far from just an Apple problem.
Attackers simply pretend to be using a previously paired device, fooling the target into allowing a Bluetooth connection. The method has been dubbed Bluetooth Impersonation Attacks (BIAS).
The attacks don’t need any particularly complicated equipment to carry out: a common Raspberry Pi served as the attack vector when researchers carried out their testing.
“We found and exploited a severe vulnerability in the Bluetooth BR/EDR specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker can impersonate a device towards the host after both have previously been successfully paired in absence of the attacker.”
The Bluetooth Special Interest Group was already aware of the problem and is recommending vendors issue patches to plug the hole. The outfit also says that it plans to implement a fix in a more permanent way in the future.
There’s a detailed paper explaining how this all works if you’re that way inclined, and a YouTube video also runs through the ins and outs.