Newly discovered flaw increases risk of cyberattacks on Bluetooth devices
Increases risk of cyberattacks- Attacks that take advantage of bugs in Bluetooth devices to track user position are more likely to occur. According to Ohio State University researchers, the attackers have the ability to communicate with the network and gather a user’s personal information.
Millions of people can interact wirelessly thanks to Bluetooth on smartphones and smartwatches, whether they’re talking, messaging, purchasing, or just keeping up with sports and entertainment. Lead researcher Yue Zhang claims that this is due to a design defect in the technology. Through testing more than 50 commercially available gadgets and four Bluetooth Low Energy (BLE) development boards, which consume less energy, Zhang and his adviser Zhiqiang Lin were able to confirm the danger. They developed Bluetooth Address Tracking (BAT), an attack method, and utilized a specialized smartphone to break into devices.
To enable communication between devices, Bluetooth devices have MAC addresses, which are a collection of unique, random digits that identify them on a network. Replay attacks can be used to track a device user’s activities, even in real-time, if their MAC addresses have been compromised.
Read Also: Cyber Attack Increases to 47% YoY
According to Lin, “MAC address randomization has been utilized since 2010 to safeguard devices from being monitored by malicious actors, and Bluetooth SIG was clearly made aware of the MAC address tracking danger.”
They informed the Bluetooth Special Interest Group (SIG), which is in charge of regulating Bluetooth standards, hardware manufacturers Texas Instruments and Nordic, and makers of operating systems including Google, Apple, and Microsoft about the problem. This discovery was especially appreciated by Google, who gave the findings a high severity rating and awarded the researchers with a bug reward.
No one has ever discovered this before, according to Zhang. “We demonstrate that an attacker would be aware of your presence even if they couldn’t see you physically by broadcasting a MAC address to the device’s location.”
The “allowlist,” a new Bluetooth feature introduced in 2014, allows connected devices to be allowed while preventing private devices from connecting to unapproved ones. This function unintentionally creates a side channel that serves as a backdoor for device monitoring.
Fortunately, Zhang and Lin may have an answer. The group created a prototype called Securing Address for BLE that mitigates this threat (SABLE). This gives the randomly generated address an unexpected number set that only permits MAC addresses to utilize them once and prevents them from being followed.
Through this effort, the researchers were able to thwart intruders. The program’s drawbacks are also small, affecting battery life and general performance very somewhat.
The takeaway from this study is to evaluate earlier assumptions to see if they still hold true before adding new features to current designs, says Lin.
At the ACM Conference on Computer as well as Communications Security, Zhang presented his findings (ACM CCS 2022).
Also read: What is Bluebugging? What to do if Bluebugging occurs?
Which types of attacks are possible on Bluetooth devices?
There are several sorts of hacking, including Bluetooth, Bluejacking, Bluesnarfing, Bluebugging, and Blueprinting. The entire Bluetooth hacking operation is intended to compromise your phone and your privacy. Because Bluetooth technology lacks adequate protection, Bluetooth hacking occurs.
How is Bluetooth a security risk?
Bluetooth links and Wi-Fi networks might serve as entry points for data thieves. Thankfully, there are several strategies to lessen your risk of being a victim. The greatest method for protecting your personal data is encryption.
What is a Bluetooth attack?
One of the most common kinds of Bluetooth assaults is the blue scarf. Business cards and other objects are imported via the OBject EXchange (OBEX) protocol. If the victim’s Bluetooth driver software is installed incorrectly, the attacker can access all files on the victim’s device with an OBEX GET request.
Can Bluetooth devices get hacked?
It may be used for file sharing, media playback, and other things with just a WiFi connection. However, much like with insecure Wi-Fi networks, hackers can target your Bluetooth-enabled devices in order to steal your personal information, put malware on your computer, or send you unsolicited messages.
