Academics from Purdue University found a critical security flaw in Bluetooth Low Energy (BLE) technology that can be exploited to send spoofed data. The vulnerability puts billions of devices at risk, considering the number of devices in the wild using this technology. The flaw lies in the BLE reconnection process, where authentication can be skipped.
Bluetooth Low Energy Technology Vulnerability
Bluetooth Low Energy is an optimized variant of standard Bluetooth that shares data in the same way but uses less energy. It is therefore widely adopted by OEMs in most of their battery-powered devices. But seven academics from Purdue University have documented a serious flaw in this protocol.
Termed the Bluetooth Low Energy Spoofing Attack (BLESA), the flaw exists in the reconnection process, the researchers claimed. Under the Bluetooth protocol, when two devices are disconnected because they moved out of range and then reconnect once back in range, they have to authenticate each other's built-in cryptographic keys for verification.
But the Bluetooth Low Energy specification was loosely written: authentication could be “optional” and potentially be skipped if the “user’s device fails to enforce the IoT device to authenticate the communicated data”, as ZDNet reported. These flaws can enable a BLESA attack, according to the researchers, in which an attacker can potentially bypass the authentication process and send spoofed data containing incorrect information to a device.
Affected devices could be drawn into a botnet, and malicious code introduced by the attacker could automate processes to shut them down and help carry out a DDoS attack. Researchers said that not all devices are vulnerable to this attack, but devices using the iOS BLE stack, Android devices using the Fluoride stack, and Linux devices based on the BlueZ stack are. Windows machines are not affected, since the BLE stack they use is safe.
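A small model of the reconnection decision described above, as an added example that is not code from the Purdue researchers or from any Bluetooth stack. The HMAC challenge-response is an assumed stand-in for BLE's key-based authentication, and the class names, keys and payloads are constructed for illustration.

```python
import hashlib
import hmac
import os


class Peripheral:
    """Constructed stand-in for a BLE device; key is its bonded long-term key."""

    def __init__(self, key, value):
        self.key, self.value = key, value

    def prove(self, challenge):
        # Without a key the device cannot answer; with a wrong key the proof is invalid.
        if self.key is None:
            return None
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Central:
    """Constructed stand-in for the phone/PC side reconnecting to a bonded device."""

    def __init__(self, bonded_key, enforce_auth):
        self.bonded_key, self.enforce_auth = bonded_key, enforce_auth

    def _authenticated(self, peer):
        challenge = os.urandom(16)  # fresh per reconnection, so proofs cannot be replayed
        proof = peer.prove(challenge)
        expected = hmac.new(self.bonded_key, challenge, hashlib.sha256).digest()
        return proof is not None and hmac.compare_digest(proof, expected)

    def reconnect_and_read(self, peer):
        """Return the peer's data, or None when the reconnection is rejected."""
        if self.enforce_auth and not self._authenticated(peer):
            return None  # fail closed instead of accepting unauthenticated data
        return peer.value


def demo():
    key = os.urandom(16)
    genuine = Peripheral(key, b"genuine-reading")
    no_key = Peripheral(None, b"spoofed-reading")
    wrong_key = Peripheral(os.urandom(16), b"spoofed-reading")
    lenient, strict = Central(key, False), Central(key, True)
    return {
        "lenient_no_key": lenient.reconnect_and_read(no_key),
        "strict_no_key": strict.reconnect_and_read(no_key),
        "strict_wrong_key": strict.reconnect_and_read(wrong_key),
        "strict_genuine": strict.reconnect_and_read(genuine),
    }
```

The lenient central treats authentication as optional and accepts the spoofed reading, while the strict central drops any reconnecting peer that cannot prove possession of the bonded key.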