To many devices through Bluetooth Low Energy vulnerabilities


NCC Group has shown that BLE devices can be operated from any location on the globe.

Bluetooth Low Energy (BLE) receivers have a critical flaw that could give cyber criminals access to personal devices such as smartphones and laptops. NCC Group, a cybersecurity company, has revealed how systems use BLE to verify that the user is in close proximity to the device, and its research showed that this proximity can be faked. The flaw could affect everyone from consumers to businesses looking to lock their doors.

This is a problem that cannot be fixed, nor is it a mistake in the Bluetooth specification. According to NCC Group, this exploit could impact millions of people because BLE-based proximity authentication wasn’t originally intended for critical systems like locking mechanisms in smart locks.

“What makes this so powerful is that we can convince Bluetooth devices that we’re near them, even hundreds of miles away, and that we can do it even though the vendor has taken defensive mitigations such as encryption and latency bounding to theoretically protect these communications against attackers at a distance,” stated Sultan Qasim Khan, Principal Security Consultant and Researcher at NCC Group. It takes only 10 seconds, and these exploits can easily be repeated indefinitely.

The Bluetooth exploit could be already affecting

The cybersecurity company says that products that rely on trusted BLE connections are vulnerable to attacks from any part of the world.

NCC Group’s findings state that “by forwarding data at the link layer from the baseband, the hack gets beyond known relay attack protections including encrypted BLE communications because it circumvents the Bluetooth stack’s upper layers and the need for decryption.”

According to the cybersecurity company, Bluetooth proximity authentication mechanisms are used to lock vehicles and residences, and these mechanisms are easily broken with inexpensive off-the-shelf hardware. Khan built a proof of concept showing that a link-layer relay attack can defeat existing BLE-based proximity authentication applications. The attack was found to affect the following kinds of devices:

  • Cars equipped with an automotive keyless entry
  • Laptops equipped with Bluetooth proximity unlock
  • Mobile phones
  • Smart locks for residential use
  • Access control systems for buildings
  • Tracking of medical patients and assets

The Tesla Model 3 and Model Y are two of the vehicles that have been identified as affected by this exploit.

Khan said that this research “circumvents common countermeasures against remote adversarial vehicle unlocking, and changes how engineers and consumers need to think about security of Bluetooth Low Energy communication.” It’s not wise to trade security for convenience. We need better protections against such attacks.

There are ways to protect your assets from this flaw

NCC Group has three tips to help users avoid becoming the next victim of this BLE flaw.

Manufacturers can reduce the risk by disabling proximity key functionality when the user’s key fob or phone has been stationary for some time (based on the accelerometer).

System makers should give customers the option of providing a second factor of authentication or user presence attestation.

Passive unlock functionality should be disabled in affected products. If Bluetooth is not required, users can disable Bluetooth on mobile devices.
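
The first two recommendations can be combined in key fob or phone firmware: passive unlock is answered only while the device has moved recently, and a resting device needs an explicit user action. The C code below is an added example, not code from NCC Group or any vendor; the threshold, the timeout, the type and function names and the `button_pressed` input are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed tuning values (hypothetical, not taken from NCC Group). */
#define MOTION_THRESHOLD_MG   60       /* sample-to-sample change that counts as movement */
#define STATIONARY_TIMEOUT_MS 120000u  /* 2 minutes at rest disables passive unlock */

typedef enum { UNLOCK_DENY, UNLOCK_PASSIVE, UNLOCK_EXPLICIT } unlock_decision_t;

typedef struct {
    int16_t  prev[3];         /* previous accelerometer sample, milli-g */
    uint32_t last_motion_ms;  /* time of the last detected movement */
    bool     primed, seen_motion; /* fail closed until movement is observed */
} motion_gate_t;

void gate_init(motion_gate_t *g) { *g = (motion_gate_t){0}; }

/* Feed one sample. Differencing against the previous sample cancels
 * gravity, so the resting orientation of the fob does not matter. */
void gate_feed(motion_gate_t *g, uint32_t now_ms, const int16_t s[3]) {
    int32_t delta = 0;
    for (int i = 0; i < 3; i++) {
        if (g->primed) delta += abs(s[i] - g->prev[i]);
        g->prev[i] = s[i];
    }
    g->primed = true;
    if (delta > MOTION_THRESHOLD_MG) {
        g->last_motion_ms = now_ms; g->seen_motion = true;
    }
}

/* Answer a proximity unlock request. button_pressed stands in for the
 * second factor / user presence attestation. */
unlock_decision_t gate_decide(const motion_gate_t *g, uint32_t now_ms,
                              bool button_pressed) {
    if (button_pressed) return UNLOCK_EXPLICIT;
    bool recent = g->seen_motion &&
                  (uint32_t)(now_ms - g->last_motion_ms) <= STATIONARY_TIMEOUT_MS;
    return recent ? UNLOCK_PASSIVE : UNLOCK_DENY;
}

/* Constructed trace: fob is carried, put down, then lies still for 5 minutes. */
unlock_decision_t demo_resting_fob(void) {
    static const int16_t walk[3] = {150, -80, 1100}, rest[3] = {0, 0, 1000};
    motion_gate_t g; gate_init(&g);
    gate_feed(&g, 0, rest); gate_feed(&g, 1000, walk); gate_feed(&g, 2000, rest);
    return gate_decide(&g, 302000, false);  /* request arrives while fob is at rest */
}
```

Motion gating only closes the window while the real fob or phone is at rest; a request that arrives while the owner is moving is still answered with `UNLOCK_PASSIVE`, which is why the explicit-action path is offered alongside it.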