The Bluetooth SIG asks to update to the latest version to avoid this attack that they do not consider very serious
A bug in Bluetooth allows third parties to impersonate the victim
JOSÉ A. GONZÁLEZ
Madrid
Thursday 21 May 2020, 08:12
telegram
In full discussion about the importance of Bluetooh in de-escalation and contact tracing processes. While several teams are working on the development of systems based on this technology, the École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland has discovered a security breach that allows an attacker to impersonate another device with which the user initially seeks to connect .
This vulnerability, according to the researchers, affects practically all devices equipped with this technology and "that have not been recently updated", they highlight.
This security breach called BIAS (Bluetooth Impersonation Attacks) has been covered in part since December 2019, as the Bluetooth SIG informed different device and software manufacturers of the existence of this problem and released several security patches.
The attack , which combined with others can allow third parties much greater control of the victim's device, is based on impersonating the identity of the person with whom the connection is established .
Thanks to a failure in the management of the keys of the already paired devices, cybercriminals can impersonate the device to which the victim really wants to connect.
Following the announcement of the researchers from the École Polytechnique Fédérale de Lausanne (EPFL), the Bluetooth SIG association has confirmed that this security flaw in device pairing will be resolved with the launch of the new Bluetooth standard, which has not announced the date. update.
For now, the Bluetooh SIG has asked users and device and software manufacturers to update to the latest version available to prevent this type of attack