The vulnerability known as BLESA affects all devices using the Bluetooth interface. Billions of devices have been exposed, according to ZDNet.
The vulnerability has been named BLESA (Bluetooth Low Energy Spoofing Attack) and affects devices using the Bluetooth Low Energy protocol. BLE is a slimmed-down version of the Bluetooth standard, designed to conserve energy while maintaining a stable connection for as long as possible. Thanks to its battery-saving features, Bluetooth LE has been widely implemented over the past decade, becoming nearly ubiquitous in battery-powered devices.
A team of seven scientists analyzed the security of a section of the BLE protocol that plays a key role in its operation. It turned out that the official specification does not contain language strong enough to properly define the reconnection process. What does this mean? An attacker may bypass reconnection verification and supply spoofed input. In most cases, the affected system will then make the wrong decision.
Researchers suggest that several billion devices are vulnerable to a BLESA attack. All of these devices would also need to receive a special software update from the manufacturer, making the whole process a nightmare. The issue affects smartphones, tablets, IoT devices, and any other device with a Bluetooth LE module.
Defending against Bluetooth attacks means pairing devices in controlled environments. Defending against BLESA is much more difficult, because the attack targets the reconnection operation, which occurs more frequently.
It is not known how the manufacturers of the equipment will react to the situation.