BLESA: Bluetooth Disguised

The improper BLE reconnection procedure has made billions of Android and iOS devices vulnerable to the new attack dubbed Bluetooth Low Energy Spoofing Attack (BLESA).

Two critical security flaws in the BLE link-layer authentication mechanism expose Bluetooth devices to the BLESA attack.
These weaknesses allow an attacker to impersonate a BLE server device and provide spoofed data to another previously paired device.

Researchers have found that multiple software stacks, such as BlueZ (Linux-based IoT devices), Fluoride (Android), and the iOS BLE stack, could be exploited using the BLESA flaw, affecting more than one billion BLE devices and 16,000 BLE apps.
Additionally, researchers found a related implementation vulnerability (CVE-2020-9770) in the Android and iOS BLE stacks that makes these two stacks vulnerable against BLESA.

Earlier this month, another vulnerability dubbed BLURtooth was found in a Cross-Transport Key Derivation (CTKD) component of Bluetooth. By setting up two different sets of authentication keys for both the BLE and Basic Rate/Enhanced Data Rate (BR/EDR) standard, it lets attackers overwrite Bluetooth authentication keys.

In July, researchers reported an authentication bypass in BLE reconnections using two critical design weaknesses in BLE stack implementations in Linux, Android, and iOS. Google and Apple also confirmed the flaw.

Escape route

Because the BLESA attack targets the reconnection process, which occurs far more frequently than initial pairing, it is hard to defend against. Purdue’s team has released a report on possible improvements to the reconnection procedure. According to them, both the BLE stack implementations and the BLE specification itself need to be updated.

It’s Blurtooth 💙 Not Bluetooth

A vulnerability in the ubiquitous Bluetooth wireless standard, dubbed Blurtooth, could enable hackers to connect remotely to devices in a given area and access users’ applications.

Bluetooth is found in billions of devices worldwide ranging from smartphones to “internet of things” gadgets. In the consumer technology world, it’s commonly used to power short-range connections for tasks such as pairing wireless earbuds with a handset. Bluetooth also supports longer-range data transfer over distances of as much as several hundred feet, a range that hackers could potentially exploit using Blurtooth to launch attacks.

The vulnerability harnesses a weakness in the way Bluetooth verifies the security of connections. Normally, a user must manually approve a connection request before their device is linked to another system, but Blurtooth makes it possible to circumvent this defense.

A hacker can configure a malicious system to impersonate a Bluetooth device that the user had already approved, such as their wireless earbuds, and gain access to the Bluetooth-enabled apps on the user’s machine.

Blurtooth attacks rely on a built-in Bluetooth security feature known as CTKD. Normally, this feature is used to help encrypt connections. A hacker could exploit it to hijack the authentication key of a previously approved device, which is what makes it possible to impersonate legitimate endpoints and thereby circumvent the need for the user to approve inbound connections.

The limited wireless range of Bluetooth reduces the threat posed by the vulnerability. The two editions of the technology affected, Low Energy and Basic Rate, only support connections over distances of up to 300 or so feet.

The widespread support for those two Bluetooth editions in consumer devices means that a large number of endpoints could potentially be vulnerable.

All devices using Bluetooth versions 4.0 through 5.0 are affected. The newest 5.2 version, which isn’t yet widely adopted, apparently isn’t vulnerable, while the 5.1 release has certain built-in features that device makers can turn on to block Blurtooth attacks.

Bluetooth impersonation vulnerability

Overview

Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS).

Description

Bluetooth is a short-range wireless technology based on a core specification that defines six different core configurations, including the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations. Bluetooth BR/EDR is used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to spoof the address of a previously paired remote device and successfully complete the authentication procedure with some paired/bonded devices without knowing the link key.

The Bluetooth Impersonation Attack (BIAS) can be performed in two different ways, depending on which Secure Simple Pairing method was previously used to establish a connection between two devices. If the pairing procedure was completed using the Secure Connections method, the attacker could claim to be the previously paired remote device that no longer supports secure connections, thereby downgrading the authentication security.

This would allow the attacker to proceed with the BIAS method against the legacy authentication unless the device they are attacking is in Secure Connections Only mode. If the attacker can either downgrade authentication or is attacking a device that does not support Secure Connections, they can perform the attack using a similar method: initiating a master-slave role switch to place themselves in the master role and become the authentication initiator. If successful, they complete the authentication with the remote device. If the remote device does not then mutually authenticate the attacker in the master role, both devices receive an authentication-complete notification, even though the attacker does not possess the link key.

The BIAS method can be performed for the following reasons: Bluetooth secure connection establishment is not encrypted, and the selection of the Secure Connections pairing method is not enforced for an already established pairing; legacy secure connection establishment does not require mutual authentication; a Bluetooth device can perform a role switch at any time after baseband paging; and devices that paired using Secure Connections can fall back to legacy authentication during secure connection establishment.
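To make the four reasons above concrete, here is an added, deliberately simplified model of BR/EDR authentication from the victim’s point of view; it is not code from the advisory or from any Bluetooth stack. The `sres` function stands in for the Bluetooth E1 response function using HMAC-SHA256, and the link key, address and device names are constructed values. It shows that the impersonator succeeds only when it holds the master role, legacy authentication is accepted, and the victim does not challenge it back, and that Secure Connections Only mode or mandatory mutual authentication blocks that path.

```python
import hmac, hashlib, os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

def sres(link_key: bytes, addr: bytes, rand: bytes) -> bytes:
    """Challenge response. Placeholder for the Bluetooth E1 function (HMAC here only so the model runs)."""
    return hmac.new(link_key, addr + rand, hashlib.sha256).digest()

@dataclass
class Victim:
    link_key: bytes            # key bonded with the legitimate remote device
    peer_addr: bytes           # BD_ADDR of that legitimate device
    sc_only: bool = False      # Secure Connections Only mode
    mutual_auth: bool = False  # always challenge the peer, even as slave in legacy mode

@dataclass
class Peer:
    addr: bytes                # claimed BD_ADDR (spoofed by an impersonator)
    link_key: Optional[bytes]  # None: the impersonator does not know the key
    claims_sc: bool            # claims Secure Connections support on reconnection
    master: bool               # True after a role switch makes the peer the initiator

def authenticate(v: Victim, p: Peer) -> Tuple[bool, str]:
    """Return (victim believes peer is authenticated, reason)."""
    if p.addr != v.peer_addr:
        return False, "unknown device"           # address spoofing gets past this check
    if not p.claims_sc and v.sc_only:
        return False, "downgrade to legacy refused: Secure Connections Only"
    # Secure Connections authenticates mutually; legacy authentication only has the
    # verifier (master) challenge the claimant, so a slave victim never verifies.
    victim_verifies = p.claims_sc or not p.master or v.mutual_auth
    if not victim_verifies:
        return True, "legacy one-way authentication: peer was never challenged"
    rand = os.urandom(16)
    expected = sres(v.link_key, p.addr, rand)
    if p.link_key is None:
        return False, "peer cannot answer the challenge"
    ok = hmac.compare_digest(expected, sres(p.link_key, p.addr, rand))
    return ok, "challenge answered" if ok else "wrong response"

KEY = bytes(range(16))                 # constructed link key
ADDR = bytes.fromhex("001122334455")   # constructed BD_ADDR

def scenarios() -> Dict[str, bool]:
    """Victim's authentication verdict for a legitimate peer and for impersonators."""
    legit = Peer(ADDR, KEY, claims_sc=False, master=False)
    imp_slave = Peer(ADDR, None, claims_sc=False, master=False)
    imp_master = Peer(ADDR, None, claims_sc=False, master=True)   # BIAS role switch
    imp_sc = Peer(ADDR, None, claims_sc=True, master=True)
    v = Victim(KEY, ADDR)
    return {"legit peer": authenticate(v, legit)[0],
            "impersonator as slave": authenticate(v, imp_slave)[0],
            "BIAS: impersonator as master, legacy auth": authenticate(v, imp_master)[0],
            "impersonator claiming Secure Connections": authenticate(v, imp_sc)[0],
            "BIAS vs SC-only victim": authenticate(Victim(KEY, ADDR, sc_only=True), imp_master)[0],
            "BIAS vs mutual-auth victim": authenticate(Victim(KEY, ADDR, mutual_auth=True), imp_master)[0]}
```

Running `scenarios()` shows the impersonator accepted only in the "BIAS" row, which is exactly the one-way legacy path the advisory describes.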

Impact

An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. The BIAS attack could be combined with the Key Negotiation of Bluetooth (KNOB) attack to “impersonate a Bluetooth device, complete authentication without possessing the link key, negotiate a session key with low entropy, establish a secure connection, and brute force the session key”. An attacker could initiate a KNOB attack on encryption key strength without intervening in an ongoing pairing procedure through an injection attack. If the accompanying KNOB attack is successful, an attacker may gain full access as the remote paired device. If the KNOB attack is unsuccessful, the attacker will not be able to establish an encrypted link but may still appear authenticated to the host.

Solution

Bluetooth host and controller suppliers should refer to the Bluetooth SIG’s statement for guidance on updating their products. Downstream vendors should refer to their suppliers for updates.