A new Bluetooth vulnerability called BIAS or Bluetooth Impersonation AttackS allows attackers to gain access to your device by impersonating the identity of a previously paired device.
This flaw affects a number of devices having Bluetooth like smartphones, tablets, laptops, headphones, etc.
The researchers found this vulnerability back in December 2019 and reported the same to Bluetooth Special Interest Group (Bluetooth BIS).
Researchers tested it on different devices from different manufactures including all leading brands like Apple, Google, LG. Motorola, Nokia, MacBook, HP, Lenovo, etc. Even headphones were affected by this.
The researcher team tested it on 31 devices and surprisingly all 31 attacks were successful.
As per the research team, all 31 devices used Bluetooth chips from 28 different manufactures.
Bluetooth Special Interest Griup has asked various manufactures to fix the issue by pushing update to end users. So all users are recommended to update their smartphone when a latest patch comes out.
The researcher team said, “Our attacks allow to impersonate Bluetooth master and slave devices and establish secure connections without knowing the long term key shared between the victim and the impersonated device.”
The researchers employed the test on devies powered by Bluetooth chips from Apple, Qualcomm, Intel, Cypress, Broadcom, and others. All of them were found to be vulnerable to BIAS.
Bluetooth SIG said, “The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.”
Bluetooth SIG reported the vulnerability to manufactures in December 2019, so some devices which got the update already might have fixed the issue.