Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices – Experts Reaction

Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allow attackers to spoof paired devices. They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to capture sensitive data from the other device. The bugs allow Bluetooth Impersonation Attacks (BIAS) on everything from internet of things (IoT) gadgets to phones to laptops, according to researchers at the École Polytechnique Fédérale de Lausanne (EPFL) in France. The flaws are not yet patched in the specification, though some affected vendors may have implemented workarounds.


EXPERTS COMMENTS
Chris Hauk, Consumer Privacy Champion, Pixel Privacy
May 21, 2020
Phone manufacturers may have updated their devices to fix the Bluetooth security issue.
Security vulnerabilities like this Bluetooth vulnerability should reinforce the need among developers to require strong encryption for any data connection between devices. This will prevent bad actors from intercepting or impersonating connections between devices to steal precious personal data, such as that being shared by COVID-19 contact-tracing apps. As some phone manufacturers may have updat ....
Javvad Malik, Security Awareness Advocate, KnowBe4
May 21, 2020
However, the saving grace for many is that in order to work, the attacker has to be within Bluetooth range.
This is an interesting flaw that has been discovered, and one for which vendors should seek to provide patches. However, the saving grace for many is that in order to work, the attacker has to be within Bluetooth range. This significantly limits the types of attacks that can be conducted, and requires the attacker to more or less be physically present. For most organisations, this reduces th ....
