Almost all Bluetooth devices are vulnerable to a new breach

Researchers discover a new vulnerability that affects billions of Bluetooth chips called BIAS attack: How to protect yourself from one?

What is a BIAS attack?

A BIAS attack could impersonate the identity of one device and connect to another via Bluetooth to attack it.
The solution to protect our devices would be simple, update and keep the Bluetooth off when we do not use it.

There are many devices that currently have a Bluetooth chip to connect to each other and now we know that they are in danger. A group of researchers has discovered a new vulnerability in this type of connection.

The classic version of the Bluetooth protocol has a security breach that would affect billions of devices. This vulnerability has been christened BIAS (Bluetooth Impersonation Attacks), which translates as Spoofing Bluetooth.

How does a BIAS attack work?

Every time we connect one device to another through Bluetooth, these exchange a series of keys when we make the pairing. One of these keys is for later interactions , that is, it is a code so that both devices quickly recognize each other when we reconnect them. It would be very tiring to have to perform the pairing from the beginning every time we want to use the wireless headphones with the mobile again when we go running, for example.

The BIAS vulnerability exploits this code in the long term to impersonate the identity of one of the devices and connect to the other, avoiding having to go through the verification involved in the initial pairing process. If that connection is successfully made, the attacker could use it to take control of the device that they have tricked.

The researchers claim that there are a large number of Bluetooth chips affected by this failure and that they are susceptible to such an attack.” We performed BIAS attacks on more than 28 unique Bluetooth chips (attacking 30 different devices). As of writing, we were able to test Cypress, Qualcomm, Apple, Intel, Samsung and CSR chips. All of the devices we tested were vulnerable to the BIAS attack.” they explain in the statement.

How to protect yourself from a BIAS attack?

The discovery was made and published late last year, alerting the main manufacturers of these chips. These companies have had time to develop a security fix or patch and roll it back to devices that include those vulnerable chips. Therefore, the first thing we must do to protect ourselves from a BIAS attack is to update each and every one of the devices that we have at home with a Bluetooth connection.

Security updates and patches that we sometimes ignore include solutions to security breaches of this type or smaller that have been discovered, so keeping devices updated is one of the best security measures.

On the other hand, the researchers assure that it is very difficult to carry out a BIAS attack. The cyber criminal must know the long-term code shared by the device he wants to attack with someone else. But in addition, you must be close to it to make the fraudulent connection.

Other security measures that could work with these types of attacks would be not to leave the mobile phone unattended if we are not in a safe place like our home. We can also keep the Bluetooth connection of the phone turned off when we are not using it and have the headphones, speakers and other devices turned off, both to avoid draining the battery and to protect them.