This Bluetooth bug lets you hack your car and home lock

Bluetooth is a technology that is present everywhere. We use it in mobile phones, headphones, computers… Also in many IoT devices. It allows you to establish a wireless connection, share files, synchronize data… However, sometimes failures can occur and information can be exposed. In this article we echo a Bluetooth vulnerability and puts cars, locks and many more devices at risk.

A serious bug affects Bluetooth

This vulnerability specifically affects Bluetooth Low Energy (BLE) and has been discovered by security researchers from NCC Group. This protocol is widely used to carry out proximity authentications. For example to open a door. The researchers indicate that it is not a classic vulnerability, since it is a problem that appears due to the use of BLE for purposes for which it was not created.

This bug affects the way many products implement the proximity authentication which is based on Bluetooth Low Energy. The device unlocks or stays unlocked when another BLE device is nearby. They have created a tool that is capable of exploiting the operation of this technology. They ensure that it is capable of bypassing defensive measures such as encryption or the latency limit. All this in a matter of 10 seconds.

So what does this vulnerability really mean? It allows attacking certain devices that use Bluetooth Low Energy to authenticate. For example vehicles like tesla or smart locks. However, to carry out these attacks it is necessary to have the appropriate hardware and software, which is what these security researchers have created to carry out the test.

But this problem does not only affect cars and locks; others many gadgetssuch as laptops, mobile phones, access systems and tracking devices can also be compromised.

Keep in mind that this security issue only affects systems based on passive detection of a Bluetooth device. Therefore, it could not be exploited when unlocking depends on a combination of communication protocols.

Bluetooth vulnerability in Android

Solving the problem depends on the manufacturers

This problem with Bluetooth is not the same as many others that we have seen on other occasions. It is not fixed by simply updating the firmware and adding a patch. This bug will depend on manufacturersso they are the ones who have to take certain measures to fix it.

Security researchers indicate that a possible solution is disable proximity feature when the phone or key fob has been sitting still for a while. For this they can use the accelerometer.

Also, manufacturers should allow the user to use a second step to authenticate. For example it could be pressing a button. This would provide more guarantees in order to avoid attacks.

Another option for users is to disable the passive unlock functionality that does not require explicit approval or simply disable Bluetooth when not in use.

In short, this security flaw can put many devices that use Bluetooth technology at risk. Cars, seamers and other authentication devices could be compromised.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *