BIAS against Bluetooth

Another vulnerability of the Bluetooth security stack has been revealed this week: Bluetooth Impersonation AttackS (BIAS).

Unfortunately, this highlights another concern with the Bluetooth stack and is, in-part, due to the wide range of devices and configurations that Bluetooth has to support. The suggested remedy is for «the Bluetooth SIG [to update] the Bluetooth Core Specification». (Source: bluetooth.com)

All this implies it will be up to chipset vendors to find and work around the problem in the interim.

Credit: The Hacker News tells us more …

The biggest risk is likely to be against mobile devices (mobile phones and laptops). Previously-paired devices can no longer be trusted. i.e. you could be communicating with a bad actor (impersonator).

As a word of caution: other Bluetooth-enabled smart locks and mobile software solutions may incorporate this same flaw. This would allow you to pass the digital keys to the wrong device: A «man-in-the-middle» attack.

Rest assured: Teleporte relies on digitally signed certificates to ensure that communications are encrypted. Only true Sera4 locks or lock controllers have the decryption key. All this happens without using the Bluetooth security stack — so access to your Teleporte locks remains secure and unaffected by BIAS.

Comments are closed.