Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices | TechRepublic (2024)

A critical flaw found in Bluetooth Low Energy (BLE) receivers may grant cyber criminals entry to anything from personal devices, such as phones or laptops, to cars and houses. New findings from cybersecurity company NCC Group detail how BLE uses proximity to authenticate that the user is near the device. The researchers were able to fake that proximity, which could affect everyone from the average consumer to organizations seeking to lock the doors to their premises.

According to NCC Group, the issue is believed to be neither something that can be easily patched nor simply an error in the Bluetooth specification. The exploit could affect millions of people, because BLE-based proximity authentication was not originally designed for use in critical systems such as locking mechanisms in smart locks.

“What makes this powerful is not only that we can convince a Bluetooth device that we are near it—even from hundreds of miles away—but that we can do it even when the vendor has taken defensive mitigations like encryption and latency bounding to theoretically protect these communications from attackers at a distance,” said Sultan Qasim Khan, Principal Security Consultant and Researcher at NCC Group. “All it takes is 10 seconds—and these exploits can be repeated endlessly.”

How the Bluetooth exploit could already be affecting you

To start, the cybersecurity company points out that any product relying on a trusted BLE connection is vulnerable to attacks from anywhere in the world at any given time.

To quote NCC Group’s findings, “by forwarding data from the baseband at the link layer, the hack gets past known relay attack protections, including encrypted BLE communications, because it circumvents upper layers of the Bluetooth stack and the need to decrypt.”

Systems that lock vehicles or residences using Bluetooth proximity authentication can be easily broken with cheap off-the-shelf hardware, according to the cybersecurity company. As a proof of concept, Khan found that a link layer relay attack conclusively defeats existing applications of BLE-based proximity authentication. This was found to affect the following devices:

  • Cars with automotive keyless entry
  • Laptops with a Bluetooth proximity unlock feature
  • Mobile phones
  • Residential smart locks
  • Building access control systems
  • Asset and medical patient tracking

Among the vehicles known to be affected by this exploit are the Tesla Models 3 and Y.

“This research circumvents typical countermeasures against remote adversarial vehicle unlocking, and changes the way engineers and consumers alike need to think about the security of Bluetooth Low Energy communications,” Khan added. “It’s not a good idea to trade security for convenience—we need better safeguards against such attacks.”

Ways to protect your assets against this flaw

To help users avoid becoming the next victims of BLE's shortcomings, NCC Group offers the following three tips:

  1. Manufacturers can reduce risk by disabling proximity key functionality when the user’s phone or key fob has been stationary for a while (based on the accelerometer).
  2. System makers should give customers the option of providing a second factor for authentication, or user presence attestation (e.g., tap an unlock button in an app on the phone).
  3. Users of affected products should disable passive unlock functionality that does not require explicit user approval, or disable Bluetooth on mobile devices when it’s not needed.
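
The first two tips can be combined into one decision made on the phone or key fob before it answers a proximity unlock request. The sketch below is an added example, not code from NCC Group or any vendor; the function names, thresholds and sample data are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from math import dist

# Assumed policy values for illustration; not from NCC Group or any vendor.
STATIONARY_AFTER_S = 120.0  # no motion for this long => key treated as stationary
MOTION_DELTA_G = 0.08       # change between consecutive samples that counts as motion


@dataclass(frozen=True)
class AccelSample:
    t: float  # seconds on a monotonic clock
    x: float  # acceleration in g
    y: float
    z: float


def last_motion_time(samples):
    """Timestamp of the newest sample (time-ordered input) that differs from its
    predecessor by more than MOTION_DELTA_G, or None if the key never moved."""
    latest = None
    for prev, cur in zip(samples, samples[1:]):
        if dist((prev.x, prev.y, prev.z), (cur.x, cur.y, cur.z)) > MOTION_DELTA_G:
            latest = cur.t
    return latest


def key_should_respond(samples, now, link_authenticated, user_tapped_unlock):
    """Decide on the phone/key fob whether to answer a proximity unlock request.
    Returns (allow, reason)."""
    if not link_authenticated:
        return False, "no authenticated BLE link"
    if user_tapped_unlock:  # tip 2: explicit user presence bypasses the motion gate
        return True, "explicit user approval"
    if not samples or now - samples[-1].t > STATIONARY_AFTER_S:
        return False, "no fresh accelerometer data; require tap"  # fail closed
    moved = last_motion_time(samples)
    if moved is None or now - moved > STATIONARY_AFTER_S:  # tip 1: stationary key
        return False, "key stationary; passive unlock disabled"
    return True, "recent motion; passive unlock allowed"


# Constructed sample data: phone lying on a nightstand vs. carried to the door.
NIGHTSTAND = [AccelSample(float(t), 0.0, 0.0, 1.0) for t in range(0, 601, 10)]
WALKING = [AccelSample(float(t), 0.1 * (t % 2), 0.0, 1.0 + 0.3 * (t % 2))
           for t in range(590, 601)]
```

Motion gating reduces the window in which a relayed request is answered rather than closing it, which is why the explicit-approval path stays available as the stronger check.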

Since the bug can be exploited from anywhere, it is crucial that users find out which of their devices use BLE technology and disable it, or at least restrict passive unlocking. For manufacturers and system makers, it could be crucial to rethink which pieces of technology are being used to unlock devices and potentially stop producing items with BLE technology since it can be easily exploited.

FAQs

Which vulnerability is most frequently exploited by hackers?

While there are many vulnerabilities that cybercriminals can use to eventually exploit a system or network, the five described below proved to be especially popular in 2023.
  • Zero-Day Vulnerabilities. ...
  • Unpatched Software. ...
  • Application Misconfiguration. ...
  • Remote Code Execution. ...
  • Credential Theft. ...
  • Security-Based Software.

What is the security in Bluetooth low energy?

Bluetooth LE defines 4 security levels in security mode 1: Level 1: No security (open text, meaning no authentication and no encryption) Level 2: Encryption with unauthenticated pairing. Level 3: Authenticated pairing with encryption.

What is the Bluetooth classic vulnerability?

The Bluetooth vulnerability arises from flaws in the implementation of the Bluetooth Classic pairing process on affected devices. It allows an attacker to connect a fake keyboard or input device to the target system without authentication or user confirmation.

What are the flaws of BLE security?

One of the prominent vulnerabilities in BLE cybersecurity is device spoofing. Hackers can impersonate legitimate BLE devices, tricking users into connecting to malicious devices. This allows attackers to access sensitive data or execute malicious actions.

What is most vulnerable to a hacker?

The healthcare sector has become a prime target for cybercriminals. As per a study, the global healthcare cybersecurity market is projected to reach 35.3 billion by 2028, emphasizing the growing recognition of the sector's vulnerability (Marketsandmarkets, 2023).

What are the four main types of vulnerabilities?

What are the 4 major types of security vulnerability?
  • Process (or procedural) vulnerabilities.
  • Operating system vulnerabilities.
  • Network vulnerabilities.
  • Human vulnerabilities.

What is Bluetooth Low Energy?

BLE achieves this by constantly being in 'sleep mode' until a connection is initiated. This allows BLE devices to function significantly longer than Bluetooth devices because BLE is not always consuming power from the device's battery. It only consumes power when in use and when connections are initiated.

Is Bluetooth Low Energy safe?

As long as it is below the frequency exposure limits set by the Federal Communications Commission (FCC), your Bluetooth device is safe for daily use. The FCC issues a Specific Absorbed Rate (SAR) or how much radio frequency energy is absorbed in the body measured in watts per kilogram (W/kg) or milliwatts per sq.

What are the limitations of Bluetooth Low Energy?

Bluetooth Low Energy can't be used to transfer data of more than Bluetooth basic rate of 1 or 2 Mbps as, for example, cellular and wifi technologies can handle.

What are Bluetooth vulnerabilities?

A Bluetooth security vulnerability is a general term that describes the possibility of attackers intercepting, modifying, or reading information between two devices communicating wirelessly via Bluetooth.

How are Bluetooth devices hacked?

Bluesnarfing. Bluesnarfing enables cybercriminals to exploit a firmware flaw in older (circa 2003) devices and gain unauthorized access and steal data from a Bluetooth device. This attack is possible when the devices have Bluetooth enabled and the “discoverable to others” mode is turned on.

Can Bluetooth be a security risk?

One of the most significant vulnerabilities in Bluetooth technology is its ability to be intercepted by unauthorized users. Hackers can use a "Bluejacking" technique to send unsolicited messages to Bluetooth-enabled devices. This can lead to unwanted data transfer or even malware installation on the device.

How to secure a BLE connection?

In BLE, the process used to generate the keys and encrypt the link is called pairing, and it consists of three phases:
  1. Phase 1: Pairing Feature exchange.
  2. Phase 2: In LE Legacy Pairing: Short Term Key (STK) Generation. In LE Secure Connections: Long Term Key (LTK) Generation.
  3. Phase 3: Transport Specific Key Distribution.

Are BLE connections encrypted?

The Generic Access Protocol (GAP) for a BLE connection specifies two security modes and several security levels for each mode. There are four levels of security in Security Mode 1, which uses encryption to establish security. Security Level 4 – Authenticated LE Secure Connections pairing with encryption.

What are the privacy features of BLE?

The BLE protocol includes a privacy mode which uses random addresses to help achieve anonymity, but this is just one piece of the puzzle and is not enough for most applications. Random addresses can be resolvable, requiring bonding, or they can be non-resolvable.

Which is the top most common vulnerability?

With this in mind, let's explore 10 common internet vulnerability issues.
  • Injection Flaws. ...
  • Broken Authentication. ...
  • Cross-Site Scripting (XSS) ...
  • Insecure Direct Object References. ...
  • Security Misconfiguration. ...
  • Sensitive data exposure. ...
  • Missing Function Level Access Control. ...
  • Cross-Site Request Forgery (CSRF)

What is the most common form used by hackers?

Phishing is the most common hacking technique. All of our inboxes and text messaging apps are filled with phishing messages daily.

What are vulnerabilities exploited by?

A vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system. After exploiting a vulnerability, a cyberattack can run malicious code, install malware, and even steal sensitive data.

Which of the following is the most vulnerable to a hacker quizlet?

Which of the following is the most vulnerable to a hacker? Computer with system files dated before an operating system security update.

Author: Edwin Metz
