Blog

Bluetooth Vulnerability Could Affect The Majority Of Devices

Sep 23, 2020 | Blog

Do you have a smartphone, tablet, laptop or a “smart” device in your home? Or perhaps the better question is, how many of those devices do you have?

Whatever your number is, be aware that researchers have unearthed a potentially devastating Bluetooth flaw that leaves billions of devices all over the planet vulnerable.

The recently discovered vulnerability has been dubbed ‘BLESA’, which stands for Bluetooth Low Energy Spoofing Attack, and it impacts any device that runs the Bluetooth Low Energy protocol. BLE is a slimmed down of the original Bluetooth Classic standard protocol, and was developed mostly to conserve battery power while maintaining Bluetooth connections over long periods of time.

The fact that the lightweight protocol is so power friendly has caused it to spread like wildfire around the globe, and these days, you can find BLE protocol in just about everything.

That’s great, but it also comes at a cost. Any flaws found in such a widely used protocol are nightmares, both in terms of the aggregate risk they represent and in terms of trying to find a workable mitigation and remediation strategy. Unfortunately, that’s where we are now. At issue is the reconnection process that devices utilizing the BLE protocol go through. Reconnections occur any time a Bluetooth device moves out of range and then moves back into range later on.

What’s supposed to happen in those instances is that the two devices check each others cryptographic keys negotiated during the initial pairing process. The reality is that the authentication step during reconnection is optional, rather than mandatory. It can be circumvented if the user’s device fails to enforce the IoT device to authenticate the communicated data.

This makes it possible for a nearby attacker bypass reconnection verification and send spoofed data to a device using the BLE protocol. Spoofed (erroneous) data leads to erroneous decisions, and that can lead to big problems.

There’s no good fix for this because there are billions of potentially impacted devices. Many IoT manufacturers don’t bother with security at all, so they’re incredibly unlikely to push a fix for the issue to the devices they make, even if one was given to them.

To be clear, this type of attack hasn’t been seen in the wild yet. However, given how many vulnerable devices there are, and how unlikely the problem is to be fixed in the current generation of machines, it’s just a matter of time. Stay vigilant. It’s your only defense in this case.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech