Billions of Bluetooth Devices Vulnerable to a Glaring Security Flaw
A vulnerability was discovered in Bluetooth known as BLESA (Bluetooth Low Energy Spoofing Attack). The security risk affects all devices that support the Bluetooth Low Energy (BLE) protocol.
BLE is a less robust version of conventional Bluetooth. It’s designed to conserve battery power (hence the name) and provides ways to maintain a Bluetooth connection in lower power that are not present in the classic Bluetooth standard.
Bluetooth Low Energy saw a fairly quick widespread adoption over the past 10 years. BLE has become practically ubiquitous among just about any battery-powered device that uses Bluetooth.devices.
So, there are billions of devices out there, right now, that are vulnerable to this exploit.
BLE has, of course, been probed for possible security vulnerabilities in the past, but most previous Bluetooth security research disregarded large portions of the Bluetooth Low Energy protocol and generally focused on the pairing process.
A team of researchers at Purdue University, however, made it their mission to examine a portion of the BLE protocol that is responsible for BLE’s day-to-day operations. Before this study, this part of BLE had rarely been analyzed for security vulnerabilities.
The study focused on the process of how a BLE device reconnects to its host. It focuses on reconnection because reconnection only occurs after the pair of BLE devices have already authenticated each other during the initial pairing operation.
Reconnections happen when a Bluetooth device moves too far away from the device it was connected to. When reconnecting, each BLE device normally checks their counterparts cryptographic keys that were exchanged during the pairing process, and reconnect and continue exchanging data via BLE.