
New Bluetooth security flaw exposes users to Man-in-the-Middle attacks, but limited risk on iPhones


Various security flaws have previously been found in Bluetooth. Today, another security flaw has been discovered in versions of Bluetooth from 4.0 to 5.0. However, if you are an iPhone user, you are less prone to this security flaw.

Security researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University have independently found a security flaw in Bluetooth 4.0 and later versions.

This security flaw allows an attacker to connect to a user's device without having to authenticate the connection, which enables a Man-in-the-Middle (MITM) attack. An attacker could pose as a device that was previously paired with the user's device, which would allow the attacker to connect to the user's phone without any intervention from the user.

While the severity of the vulnerability is not yet clear, the Bluetooth Special Interest Group (SIG) has confirmed it. According to the Bluetooth SIG, there is not much the organization itself can do at the moment; it appears to have contacted vendors and recommended steps they can take to protect against the flaw. Commenting on the issue, the Bluetooth SIG has released the statement below.

Researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University have independently identified vulnerabilities related to Cross-Transport Key Derivation (CTKD) in implementations that support pairing and encryption with both Bluetooth BR/EDR and LE in Bluetooth specifications 4.0 to 5.0 […]

For this attack to succeed, an attacking device must be within wireless range of a vulnerable Bluetooth device that supports both BR/EDR and LE transports that support CTKD between transports and allow pairing on either BR/EDR or LE transports, either with no authentication (e.g. JustWorks) or no user-controlled access restrictions for the availability of pairing. If a device that spoofs the identity of another device is paired or tied to a transport, and CTKD is used to derive a key that then overwrites an existing key with greater strength or that was created using authentication, access to authenticated services may occur. This can allow a Man-in-the-Middle (MITM) attack between previously bound devices using authenticated pairing when both of these devices are vulnerable.
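The condition the statement describes is a key-store policy problem: a key derived through CTKD from an unauthenticated pairing on one transport is allowed to replace an existing, stronger key on the other transport. The following Python model is an added example, not code from the article, the Bluetooth SIG, EPFL or Purdue. It models a per-peer key database with and without the "never replace a stronger key" check, runs the scenario from the statement against both, and reports whether the authenticated BR/EDR key was downgraded. The class and function names, the peer address, the key bytes and the stand-in derivation function are all constructed for the example; key strength is simplified to a single authenticated/unauthenticated dimension.

```python
"""Model of the CTKD key-overwrite condition and the no-downgrade check that
prevents it. All names, addresses, keys and the derivation function below are
constructed for this example."""
import hashlib
from dataclasses import dataclass
from enum import Enum, IntEnum
from typing import Dict, List, Tuple


class Transport(Enum):
    BR_EDR = "BR/EDR"
    LE = "LE"


class Strength(IntEnum):
    # Pairing with no MITM protection (e.g. JustWorks) yields an unauthenticated
    # key; numeric comparison or passkey entry yields an authenticated one.
    UNAUTHENTICATED = 1
    AUTHENTICATED = 2


@dataclass
class StoredKey:
    key: bytes
    strength: Strength
    from_ctkd: bool


def other_transport(t: Transport) -> Transport:
    return Transport.LE if t is Transport.BR_EDR else Transport.BR_EDR


def derive_cross_transport_key(key: bytes, target: Transport) -> bytes:
    # Hypothetical stand-in for the specification's conversion function: the
    # only property modelled is that the new key is a function of the key that
    # pairing produced on the other transport.
    return hashlib.sha256(key + target.value.encode()).digest()[:16]


class KeyDatabase:
    """Key store indexed by (peer address, transport)."""

    def __init__(self, refuse_downgrade: bool):
        self.refuse_downgrade = refuse_downgrade
        self.keys: Dict[Tuple[str, Transport], StoredKey] = {}
        self.events: List[str] = []

    def pair(self, peer: str, transport: Transport, key: bytes, strength: Strength) -> None:
        # A completed pairing always stores a key for the transport it ran on.
        self.keys[(peer, transport)] = StoredKey(key, strength, from_ctkd=False)
        self.events.append(f"paired {peer} on {transport.value} ({strength.name})")

    def cross_transport_derive(self, peer: str, paired_on: Transport) -> bool:
        """Derive a key for the other transport from the one just established.
        Returns True if the derived key was stored, False if it was refused."""
        source = self.keys[(peer, paired_on)]
        target = other_transport(paired_on)
        candidate = StoredKey(derive_cross_transport_key(source.key, target),
                              source.strength, from_ctkd=True)
        existing = self.keys.get((peer, target))
        # The check the statement implies: a CTKD-derived key must never
        # replace an existing key of greater strength.
        if self.refuse_downgrade and existing is not None \
                and existing.strength > candidate.strength:
            self.events.append(f"refused CTKD for {peer}: {existing.strength.name} "
                               f"{target.value} key kept over {candidate.strength.name} one")
            return False
        self.keys[(peer, target)] = candidate
        self.events.append(f"stored CTKD-derived {target.value} key for {peer} "
                           f"({candidate.strength.name})")
        return True

    def strength_of(self, peer: str, transport: Transport) -> Strength:
        return self.keys[(peer, transport)].strength


def run_scenario(refuse_downgrade: bool) -> Tuple[bool, Strength]:
    """The user earlier paired a headset over BR/EDR with authentication. Later a
    device presenting the headset's identity pairs over LE with JustWorks and
    CTKD runs toward BR/EDR. Returns (overwrite happened, final BR/EDR strength)."""
    headset = "AA:BB:CC:DD:EE:FF"  # constructed address
    db = KeyDatabase(refuse_downgrade)
    db.pair(headset, Transport.BR_EDR, b"\x11" * 16, Strength.AUTHENTICATED)
    db.pair(headset, Transport.LE, b"\x22" * 16, Strength.UNAUTHENTICATED)
    overwritten = db.cross_transport_derive(headset, Transport.LE)
    return overwritten, db.strength_of(headset, Transport.BR_EDR)


if __name__ == "__main__":
    for refuse in (False, True):
        overwritten, strength = run_scenario(refuse)
        print(f"refuse_downgrade={refuse}: overwritten={overwritten}, "
              f"BR/EDR key is now {strength.name}")
```

With `refuse_downgrade=False` the authenticated BR/EDR key ends up replaced by an unauthenticated one, which is the condition the statement describes; with the check enabled the derived key is refused and the original key survives, while a CTKD run that does not downgrade anything (for example deriving an LE key from a fresh authenticated BR/EDR pairing) is still allowed.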

On the brighter side, iOS users are said to be less vulnerable because Apple offers protections such as app sandboxing in iOS, which can shield users from security flaws like these. Furthermore, Apple requires apps to ask the user for permission when a Bluetooth connection is required. This prompt notifies the user of the connection, and if the user did not initiate it, they can deny the request, which protects them from such attacks.

Our Take

Now that you know about this new security flaw in Bluetooth, make sure you keep an eye on your Bluetooth connections. After all, self-protection is the best protection.

[Source: 9to5Mac]