Bluetooth Flaw Could Let Attackers Intercept Data
Ohio State University researchers discovered a flaw in the Bluetooth protocol that could allow attackers to gain control of some devices.
While the Bluetooth protocol is reasonably secure, Bluetooth Low Energy devices are vulnerable in some scenarios during their communication with phones. The researchers built a “sniffer” that could detect vulnerable Bluetooth devices up to 1,000 meters away.
Wearable trackers, smart thermostats, home assistants and many other devices use Bluetooth Low Energy. Pairing with a phone or other controlling interface is done with the help of a UUID (universally unique identifier), usually a 128-bit number. Even if the phone goes out of range, the connection is re-established using the identifier because the emitting device is always broadcasting the UUID.
Things are not as bad as they might seem, as communication between Bluetooth emitting devices and the host is usually encrypted. However, this is not followed by all app developers. Researchers discovered that some of these communications are unencrypted or poorly encrypted.
“At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps,” said Zhiqiang Lin, associate professor of computer science and engineering. “But in some cases in which no encryption is involved or encryption is used improperly between mobile apps and devices, the attacker would be able to ‘listen in’ on your conversation and collect that data.”
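To check what one of your own devices gives away through the UUID broadcasting described above, you can decode a captured advertising payload and list the service UUIDs it carries. The following is an added example, not code from the article or the researchers; the AD-structure layout and Base UUID come from the Bluetooth specification, while the sample payload, its 128-bit UUID and the function names are constructed for illustration.

```python
import uuid

# 16/32-bit UUIDs are shorthand: the value sits in the top 32 bits of this base.
BASE_UUID_INT = uuid.UUID("00000000-0000-1000-8000-00805f9b34fb").int
# AD types carrying service UUID lists -> width of each UUID in bytes.
UUID_AD_TYPES = {0x02: 2, 0x03: 2, 0x04: 4, 0x05: 4, 0x06: 16, 0x07: 16}

def parse_ad_structures(payload: bytes):
    """Split an advertising payload into (ad_type, data) pairs."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0:  # zero length: padding, nothing further to parse
            break
        if i + 1 + length > len(payload):
            raise ValueError(f"AD structure at offset {i} overruns payload")
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def advertised_service_uuids(payload: bytes):
    """Return every advertised service UUID as a full 128-bit uuid.UUID."""
    found = []
    for ad_type, data in parse_ad_structures(payload):
        width = UUID_AD_TYPES.get(ad_type)
        if width is None:
            continue
        if len(data) % width:
            raise ValueError(f"AD type {ad_type:#04x}: truncated UUID list")
        for off in range(0, len(data), width):
            # UUIDs are transmitted little-endian in advertising data.
            value = int.from_bytes(data[off:off + width], "little")
            if width < 16:
                value = BASE_UUID_INT + (value << 96)
            found.append(uuid.UUID(int=value))
    return found

def vendor_specific_uuids(payload: bytes):
    """UUIDs not derived from the Base UUID (assumed here to be app-specific)."""
    low96 = (1 << 96) - 1
    return [u for u in advertised_service_uuids(payload)
            if u.int & low96 != BASE_UUID_INT]

# Constructed sample: Flags, Heart Rate (0x180D), one made-up 128-bit UUID.
SAMPLE = (bytes.fromhex("020106" "03030d18" "1107")
          + uuid.UUID("12345678-1234-5678-1234-56789abcdef0").bytes[::-1])

if __name__ == "__main__":
    for u in vendor_specific_uuids(SAMPLE):
        print("static vendor UUID in advertisement:", u)
```

A vendor-specific UUID that never changes is what lets a passive listener recognize the product, so it is the value to review when deciding what a device should advertise.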
To test their theory, researchers built a dedicated “sniffer,” and with the help of an amplifier, managed to intercept signals from a kilometer away. Researchers drove around the Ohio State campus and discovered 5,800 devices, and identified about 5,500. Out of this pool, 431 (7.4%) devices were vulnerable.
Following the study, the researchers informed the Bluetooth Special Interest Group and built a tool that evaluates all the Bluetooth Low Energy apps in the Google Play Store (more than 18,000). Only Android apps were evaluated, and the analysis didn’t include apps in the Apple Store.