
Bluetooth Authentication Bug Allows Impersonation Attacks on All Popular Devices

A Bluetooth bug affecting major devices allows attackers to spoof paired devices and steal sensitive data. The Bluetooth authentication bug allows hackers to connect a rogue device by impersonating a trusted device. The Bluetooth Impersonation Attacks (BIAS) affect all types of devices that support Bluetooth Classic, including Internet of Things (IoT) devices, smartphones, and laptops. The bug has no patch available, according to researchers from École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland, who discovered the vulnerability. The researchers tested 28 Bluetooth chips, and all were affected by the flaw. Bluetooth chips from Cypress, Qualcomm, Apple, Intel, Samsung, and CSR were all vulnerable to the attacks.

The nature of the Bluetooth authentication bug

The authentication bug exists in the pairing and bonding protocols used in the faulty chipsets. When unique Bluetooth devices pair, they exchange a persistent encryption key that is stored on the devices. When the paired devices connect on subsequent occasions, they skip the lengthy pairing process by checking the stored Bluetooth authentication key. The Bluetooth authentication procedure uses either the Legacy Secure Connections or Secure Connections protocols defined in the Bluetooth specification. The Bluetooth protocol checks both devices’ Bluetooth addresses as well as the encryption key. Although attackers could change their Bluetooth address to mimic one of the devices, they cannot forge the long-term key stored on any of the devices. However, the Bluetooth Secure Connection is neither encrypted nor integrity-protected.

Additionally, Legacy Secure Connections does not require mutual authentication, and devices can switch roles unexpectedly after baseband paging completes. Lastly, devices paired using Secure Connection can use Legacy Secure Connection when connecting for the second and subsequent times. This leaves the devices vulnerable to various types of attacks, especially devices that paired using the Legacy Secure Connection.

Bluetooth Impersonation Attacks (BIAS)

One form of Bluetooth impersonation attack could take place when a rogue device pretends to be a paired device, sends a connection challenge, and receives a response calculated from the address and the long-term key. The requested device does not need to calculate whether the rogue device knows the long-term key before accepting the connection.

Switching between master and slave roles

A second scenario involves the switching between the master and the slave roles of the devices before the Bluetooth authentication completes. A threat actor can start as a slave and then switch to a master after the baseband paging completes. In this scenario, the attacker connects without having to complete Bluetooth authentication.

These forms of Bluetooth authentication impersonation attacks affect all devices, including newer ones, because of the ability to downgrade connections. This happens when the attacker falsely claims that the requesting device does not support the Secure Connection, forcing the other device to use the insecure Legacy Secure Connection. Both devices are therefore forced to use the legacy connection, which allows the attacker to bypass the Bluetooth authentication process.

BIAS and Key Negotiation of Bluetooth (KNOB) attacks

The Bluetooth impersonation attacks could also be combined with the Key Negotiation of Bluetooth (KNOB) attacks. KNOB attacks force two or more devices to agree on an encryption key with reduced bytes of entropy. Such devices can be tricked into accepting as little as one byte. When the length of the key is reduced, the attacker could easily perform brute force attacks and discover the key used for the encryption. The attacker could, therefore, impersonate a Bluetooth device, perform Bluetooth authentication without having the link key, and establish a secure connection. If the attack fails, the intruder will still appear to be authenticated by the participating devices. The attacker could perform this coercion through an injection attack without participating in the Bluetooth authentication process.

Remedy for Bluetooth impersonation attacks

The Bluetooth Special Interest Group (SIG) will alter the Bluetooth specification to define when role-switching can take place to prevent impersonation attacks. The group also seeks to introduce mutual authentication requirements as well as checks for connection types to prevent connection downgrade attacks. The SIG also recommends that device manufacturers ban encryption key lengths below seven octets and force Secure Connection mode when available. This would prevent newer devices from being compelled to use legacy connections when they are capable of completing the pairing process using the newer protocol. They warned that any standard Bluetooth device not updated after December 2019 remains vulnerable to impersonation attacks.
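The checks described above (no downgrade for a peer that bonded with Secure Connection, no role switch before authentication completes, mutual authentication, and a seven-octet minimum key length) can be expressed as one reconnection policy. This is an added example, not code from the researchers, the SIG or any real Bluetooth stack; the struct fields, enum values and `check_reconnect` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MIN_ENC_KEY_OCTETS 7 /* SIG recommendation quoted above */

/* Hypothetical records: the stored bond and the reconnection being evaluated. */
struct bond { bool paired_with_sc; };
struct session {
    bool    peer_claims_sc;          /* peer says it supports Secure Connections */
    bool    mutual_auth_done;        /* both sides proved knowledge of the long-term key */
    bool    role_switch_before_auth; /* role switch requested before authentication ended */
    uint8_t enc_key_octets;          /* negotiated encryption key length */
};

enum verdict { BT_ALLOW, BT_REJECT_DOWNGRADE, BT_REJECT_ROLE_SWITCH,
               BT_REJECT_NO_MUTUAL_AUTH, BT_REJECT_SHORT_KEY };

enum verdict check_reconnect(const struct bond *b, const struct session *s)
{
    /* A peer bonded with Secure Connections must not fall back to legacy. */
    if (b->paired_with_sc && !s->peer_claims_sc)
        return BT_REJECT_DOWNGRADE;
    /* Roles stay fixed until authentication has completed. */
    if (s->role_switch_before_auth)
        return BT_REJECT_ROLE_SWITCH;
    /* One-sided (unilateral) authentication is not enough. */
    if (!s->mutual_auth_done)
        return BT_REJECT_NO_MUTUAL_AUTH;
    /* Refuse low-entropy keys of the kind a KNOB negotiation produces. */
    if (s->enc_key_octets < MIN_ENC_KEY_OCTETS)
        return BT_REJECT_SHORT_KEY;
    return BT_ALLOW;
}

int main(void)
{
    /* Constructed sample: SC-bonded peer now claims legacy only, 1-octet key. */
    struct bond b = { .paired_with_sc = true };
    struct session s = { false, false, false, 1 };
    printf("verdict=%d\n", check_reconnect(&b, &s)); /* downgrade is hit first */
    return 0;
}
```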

Javvad Malik, Security Awareness Advocate at KnowBe4, says the bug should be a priority for vendors to patch.

“This is an interesting flaw that has been discovered, and one for which vendors should seek to provide patches for.”

He, however, points out that the vulnerability poses a reduced threat because of the nature of Bluetooth connections.

“The saving grace for many is that in order to work, the attacker has to be within Bluetooth range. This significantly limits the types of attacks that can be conducted, and requires the attacker to more or less be physically present. For most organizations, this reduces the risk and will likely be a lower priority to fix.”

Lamar Bailey, senior director of security research at Tripwire, reiterates that the attack is more difficult to execute compared to other forms of threats.

“Bluetooth is widely popular and included in millions of devices so it has become the target of research and exploitation in the recent years. The attacks in this paper use some defects in the protocol to impersonate a trusted device. As bad as this sounds there are still several factors to consider that make this a lot harder to exploit. The attacker must be within Bluetooth range which is typically 100m (33 ft) for most devices with some Bluetooth 5 devices at 240 meters. The attacker must also know the Bluetooth address of a previously paired device. These requirements make widespread attacks very unlikely.”

He adds that random drive-by attacks are unlikely because of the need for proximity and the knowledge of the addresses of previously paired devices. He noted that attacks were still possible when a targeted device was monitored for some time before carrying out the attack when the device comes within range. He concluded that data could still be harvested by an internet-enabled popular Bluetooth device.

“If an organization could make or exploit a Bluetooth device that became widely popular (like a new smart thermostat) that used Bluetooth for control and the device called home over the internet it would be possible to harvest access to a large network of devices.”