Cyber-security researchers at Purdue University have discovered a critical vulnerability in the Bluetooth software stack. Called ‘BLESA’, or Bluetooth Low Energy Spoofing Attack, the exploit affects Bluetooth LE devices and could expose billions of people to hacking. Unlike the recently discovered BLURtooth vulnerability, which concerns how Bluetooth devices pair with one another, BLESA affects the reconnection process in the BLE software stack.
Reconnections take place when two BLE devices move out of range temporarily and then come back into range. While Bluetooth devices typically re-authenticate the cryptographic keys before reconnecting in such scenarios, the researchers found that this mandatory recheck can be bypassed in some cases, resulting in the critical vulnerability.
Apparently, re-authentication of cryptographic keys is optional under the BLE standard, leaving the door open to hackers and malicious actors. In addition, authentication can be circumvented if a BLE device fails to force the other device to authenticate the cryptographic keys when reconnecting.
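As an added illustration of the reconnection decision described above (this is not code from the Purdue researchers or from any of the Bluetooth stacks named), the small Python model below has a central that stores a long-term key from pairing, a reconnecting peer that may or may not hold that key, and two acceptance policies. The class and policy names, the HMAC challenge used as a stand-in for link re-encryption, and the sample address and key are all constructed for the example, not real BLE API or protocol details.

```python
"""Model of two BLE reconnection policies: data accepted only after the
peer proves it holds the long-term key (LTK), versus plaintext accepted
without that proof. All names and values here are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Peripheral:
    address: str
    ltk: Optional[bytes]  # key from pairing; None for a device that never paired

    def prove_key(self, challenge: bytes) -> Optional[bytes]:
        # Stand-in for link re-encryption (not the real BLE procedure):
        # only a peer holding the LTK can produce the expected tag.
        if self.ltk is None:
            return None
        return hmac.new(self.ltk, challenge, hashlib.sha256).digest()


@dataclass
class Central:
    bonded: Dict[str, bytes]  # address -> LTK stored at pairing time
    require_reauth: bool      # False models the permissive behaviour in the article

    def reconnect(self, peer: Peripheral, value: bytes) -> Tuple[bool, str]:
        """Decide whether an attribute value received after reconnection is trusted."""
        ltk = self.bonded.get(peer.address)
        if ltk is None:
            return False, "unknown device; data rejected"
        challenge = os.urandom(16)
        tag = peer.prove_key(challenge)
        expected = hmac.new(ltk, challenge, hashlib.sha256).digest()
        if tag is not None and hmac.compare_digest(tag, expected):
            return True, "link re-authenticated; data accepted"
        if self.require_reauth:
            return False, "peer did not re-authenticate; data rejected"
        return True, "plaintext data accepted without re-authentication"


def demo() -> Dict[str, bool]:
    """Run the genuine device and a key-less device against both policies."""
    ltk = bytes(range(16))                       # constructed sample key
    addr = "AA:BB:CC:DD:EE:01"                   # constructed sample address
    genuine = Peripheral(addr, ltk)
    no_key = Peripheral(addr, None)              # same address, no LTK
    strict, permissive = Central({addr: ltk}, True), Central({addr: ltk}, False)
    return {
        "strict_genuine": strict.reconnect(genuine, b"42")[0],
        "strict_no_key": strict.reconnect(no_key, b"42")[0],
        "permissive_no_key": permissive.reconnect(no_key, b"42")[0],
    }
```

The strict policy is the behaviour the article says a stack must enforce: a peer that cannot prove the stored key gets no trust, regardless of its address.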
The vulnerability was found in the iOS BLE stack, as well as in BlueZ and Fluoride. BlueZ is a Linux-based BLE implementation used in IoT devices, while Fluoride has been used in Android for years. It is worth noting, though, that with Android 11 Google is testing a brand-new Bluetooth stack called ‘Gabeldorsche’, or GD for short.
While Apple apparently patched the vulnerability in iOS 13.4, the BlueZ and Fluoride Bluetooth stacks remain vulnerable. Interestingly, Windows seems immune to this particular exploit, but the vulnerabilities in the other platforms alone are expected to affect billions of smartphones, tablets and IoT devices.