New Bluetooth Security Flaw Exposes Users to Man-in-the-middle Attacks, But Limited Risk on iPhones


Various security flaws have been found in Bluetooth in the past. Today, yet another security flaw has been discovered in versions of Bluetooth from 4.0 to 5.0. However, if you are an iPhone user, you are less susceptible to this security flaw.

Researchers at two institutions, École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University, have independently found a security flaw in Bluetooth versions 4.0 through 5.0.

This security flaw allows an attacker to connect to a user’s device without needing to authenticate the connection, which opens the door to a Man-in-the-Middle (MITM) attack. The attacker impersonates a device that was previously paired with the user’s device and can then connect to the user’s phone without any intervention.

While the seriousness of the vulnerability isn’t clear yet, the Bluetooth Special Interest Group (SIG) has confirmed this security flaw. According to the Bluetooth SIG, there isn’t much the organization can do at the moment. It appears to be contacting vendors and recommending steps to protect against the flaw. The Bluetooth SIG has issued the following statement on the issue.

Researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University have independently identified vulnerabilities related to Cross-Transport Key Derivation (CTKD) in implementations supporting pairing and encryption with both Bluetooth BR/EDR and LE in Bluetooth Specifications 4.0 through 5.0 […]

For this attack to be successful, an attacking device would need to be within wireless range of a vulnerable Bluetooth device supporting both BR/EDR and LE transports that supports CTKD between the transports and permits pairing on either the BR/EDR or LE transport either with no authentication (e.g. JustWorks) or no user-controlled access restrictions on the availability of pairing. If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur. This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.
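The overwrite condition named in the statement above can be expressed as a check in a host stack's bond store. The following is an added example, not part of the Bluetooth SIG statement or the original article; the types and function names (`bond_key`, `ctkd_overwrite_allowed`, `bond_store_ctkd_key`, `try_overwrite`) are hypothetical, and the policy shown is one possible mitigation assumed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bond-store types for illustration; not taken from any real stack. */
enum transport { TRANSPORT_BREDR = 0, TRANSPORT_LE = 1 };

struct bond_key {
    bool    present;        /* a key is already stored for this peer and transport */
    bool    authenticated;  /* produced by authenticated pairing (not JustWorks) */
    uint8_t key_size;       /* key strength in bytes */
    bool    from_ctkd;      /* derived from the other transport via CTKD */
};

struct bond { struct bond_key keys[2]; };  /* indexed by enum transport */

/* A CTKD-derived key may replace a stored key only if it is not weaker
 * and does not downgrade an authenticated key to an unauthenticated one. */
bool ctkd_overwrite_allowed(const struct bond_key *old, const struct bond_key *cand)
{
    if (!old->present) return true;                          /* nothing to downgrade */
    if (old->authenticated && !cand->authenticated) return false;
    if (cand->key_size < old->key_size) return false;
    return true;
}

/* Returns 0 if the derived key was stored, -1 if the overwrite was refused. */
int bond_store_ctkd_key(struct bond *b, enum transport target, struct bond_key derived)
{
    derived.present = true;
    derived.from_ctkd = true;
    if (!ctkd_overwrite_allowed(&b->keys[target], &derived)) return -1;
    b->keys[target] = derived;
    return 0;
}

/* Constructed scenario: the peer already holds a BR/EDR key with the given
 * properties, then a key derived from a new LE pairing arrives via CTKD. */
int try_overwrite(bool old_auth, uint8_t old_size, bool new_auth, uint8_t new_size)
{
    struct bond b = { .keys = { [TRANSPORT_BREDR] = { true, old_auth, old_size, false } } };
    struct bond_key derived = { false, new_auth, new_size, false };
    return bond_store_ctkd_key(&b, TRANSPORT_BREDR, derived);
}

int main(void)
{
    printf("JustWorks over authenticated: %d\n", try_overwrite(true, 16, false, 16));
    printf("authenticated, same strength: %d\n", try_overwrite(true, 16, true, 16));
    return 0;
}
```

A refused overwrite leaves the existing key in place, so a peer that bonded with authenticated pairing keeps its original key.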

On the brighter side, iOS users are said to be less vulnerable as Apple offers protections like app sandboxing in iOS, which could protect users against security flaws like these. Moreover, Apple requires apps to ask a user for permission when a Bluetooth connection is required. This step notifies the user of the connection and if the user has not initiated the connection, they can deny the connection request, which protects users from such attacks.

Our Take

Now that you know about this new security flaw in Bluetooth, make sure that you keep a check on your Bluetooth connections. After all, self-protection is the best protection.

[Source: 9to5Mac]