"Bluetooth Security Challenged"

Bluetooth was not designed to communicate secure data, but rather to connect devices wirelessly. According to Ohio State University (OSU) professor Zhiqiang Lin and post-doctoral researcher Yue Zhang, the lack of security built into the short-range wireless technology provides hackers with a simple path into Bluetooth-compatible devices. In November, they presented their most recent research on how hackers can use Bluetooth to track a user's location. Lin noted that the objective of such an attack is to circumvent the Media Access Control (MAC) address randomization employed by mobile Bluetooth devices, such as smartphones, earphones, and even hearing aids. The OSU researchers have demonstrated that the Bluetooth Address Tracking (BAT) attack vector works on more than 50 commercially available Bluetooth devices. All Original Equipment Manufacturers (OEMs) and the Bluetooth Special Interest Group (SIG) that establishes standards for the wireless technology were alerted of the issue. The BAT attack vector listens for the signal that idle Bluetooth devices transmit every 20 milliseconds in order to make their MAC address available so that other Bluetooth devices can connect to them. Periodically randomizing the MAC address was intended to avoid direct user tracking. The SIG standardization group added a list of recognized safe devices to prohibit the connection of unknown devices and strengthen security. However, according to the OSU researchers, the process of verifying an authorized device's presence has created a "signature" that hackers can use for device tracking via a side-channel attack. According to Li, the MAC address randomization system is defective because it is vulnerable to a "replay attack" in which the hacker replays a broadcast MAC address, then listens to see if the targeted device responds, thus determining whether it is on the allowed list. This article continues to discuss the demonstration of the BAT attack vector that challenges Bluetooth security.

Communications of the ACM reports "Bluetooth Security Challenged"

 

Submitted by Anonymous on