From BIAS to Sweyntooth: Eight Bluetooth Threats to Network Security

While Bluetooth has revolutionized hands-free communications, it is not without its faults, particularly in regards to security. Bluetooth has a history of vulnerabilities that continues to put corporations at risk of a major security breach. The vulnerabilities provide an entry point for attackers to read encrypted conversations, disable and/or deadlock devices, and even remotely take over devices.

Dangers of Bluetooth Attacks

There have been many noteworthy Bluetooth vulnerability discoveries in recent years and the sophistication of the attacks will only evolve. Disturbingly, hackers no longer need to be nearby the devices to carry out their exploits.

Bluetooth was designed for short-range communications, but because they contain radios, cyber thieves can exploit a system remotely and then leverage that system’s Bluetooth interface to launch an attack. In this capacity, it is possible for an attacker to not only run these attacks remotely while in close proximity, but also conduct them from much further away using low-cost equipment.

As a result of an attackers’ ability to implement remote attacks via radio, the increasing threat from Bluetooth devices to network security is a top concern for security teams. Here are the top 8 recent Bluetooth vulnerability discoveries that organizations have had to address:

BIAS (Bluetooth Impersonation AttackS)Earlier this year, a new Bluetooth flaw dubbed BIAS was discovered with the potential to expose billions of devices to hackers. BIAS allows cyber-criminals to create an authenticated Bluetooth connection between two paired devices without needing a key.

The attacker is able to take over communication between the two devices by impersonating either end such as a mouse or a keyboard, giving the intruder inside access to the targeted device. Once inside, the masquerading attacker can then implement malicious exploits such as stealing or corrupting data.

BleedingBit The attacker can leverage Bluetooth Low Energy (BLE) implementation vulnerabilities for remote code execution and total machine take over to infiltrate networks and inject ransomware.

BlueBorne An attacker can actuate carefully constructed packets to cause buffer overflows which can be exploited for code execution. The attacker can then take over a machine running Bluetooth Classic and use it as a potential entry point for ransomware.

Bluetooth Denial of Service (DoS) Via Inquiry Flood This DoS attack targets BLE devices, running down their batteries and preventing them from answering other requests from legitimate devices. This is particularly concerning for medical devices being used in life-saving situations.

Fixed Coordinate Invalid Curve Attack Hackers can crack the encryption key for both Bluetooth and BLE because of subtle flaws in the Elliptic Curve Diffie- Hellman key exchange process. Attackers can imitate devices, inject commands and penetrate for additional security flaws.

KNOB (Key Negotiation of Bluetooth) An attacker can crack encryption on a Bluetooth conversation and then snoop to see all encrypted traffic as if it was plaintext. The attacker can erase or inject packets, and ransom or publish the captured details.

Malicious Applications Leveraging Radio Frequency Interfaces Leveraging a downloaded app, a cybercriminal can access an iPhone’s camera and microphone without permission. The attacker can then record and exfiltrate audio and video, and then ransom or publish the compromised information.

Sweyntooth An attacker within radio range can trigger deadlocks, crashes and buffer overflows or completely detour security by sending faulty packets over the air. This results in the crash of devices such as medical equipment, potentially causing harm to patients, or other IoT connected devices in offices or homes.

Combatting Bluetooth Exploits

The aforementioned Bluetooth vulnerabilities weren’t the first and certainly won’t be the last. So, how can organizations safeguard their networks from falling prey to present and future Bluetooth attacks? It won’t be easy. Bluetooth is a software and thus will likely never be vulnerability-free.

Meanwhile, Bluetooth devices are getting smaller and more difficult to prevent from entering secure facilities. As a result, organizations need to implement strict Bluetooth guidelines and adopt a robust security posture. This includes having complete visibility to identify and recognize what devices are in their facilities and infrastructure.

It is also crucial to remove unnecessary devices, components and interfaces, and to be cautious and continuously patch vulnerable devices and components. As with any security threat, vigilance and early detection are key in preventing attacks and/or limiting potential damage.

What’s Hot on Infosecurity Magazine?