
BLE Vulnerability Leads to Broken Authentication and Malicious Data Transfer

A successful Bluetooth Low Energy Spoofing Attack (BLESA) allows threat actors to connect to a device by getting around its reconnection authentication requirements and to send it spoofed data. The attack starts with malicious packets that fool the device into behaving abnormally; the attackers then manipulate the device by feeding it misleading information.

The vulnerability affects the Linux, Android and iOS platforms, and more specifically Linux-based BlueZ IoT devices, Android-based Fluoride, and the iOS BLE stack. Windows machines remain unaffected. The flaw was patched in June. However, the Google Pixel XL running Android 10 is still vulnerable.

The remediations:

Whilst there isn't currently any practical remediation, due to the difficulty of patching the re-pairing process, there are ways to minimize the risk of this attack. To help protect against BLESA, update your phone to the latest developer firmware, via an iOS update or an Android OS software update, as soon as possible. It is also best practice to turn off Bluetooth whenever it is not in use, to avoid unnecessary risk.

Source: Threatpost, Threat hub
