NCC Group, a cyber security company, released information on the 16th (local time). According to information that there is a vulnerability that leads to a relay attack in Bluetooth Low Energy (BLE). In this blog post, you will read about the latest update on Bluetooth devices which can cause huge damage to all your Bluetooth devices including smart locks of Cars and Doors.
BLE is available in various devices such as automobiles, smart locks, smartwatches, and notebook PCs, and is also using a proximity authentication mechanism. The company has now discovered that by transferring data from the baseband at the link layer.
It is possible to break through existing protections, including encrypted communications. The problem is that the link-layer relay attack success in attacking an existing application that performs proximity authentication by BLE.
RELATED | Silent Exit Feature: WhatsApp May Soon Let You Leave Groups Silently
Bluetooth Low Energy Vulnerability: Its Effects
It is said that there are many targets of attack due to the widely adopted technology, such as automobiles equipped with keyless entry, notebook PCs / mobile phones that can unlock proximity with Bluetooth, smart locks for houses, and entrance/exit management systems for buildings, etc. Examples include asset and patient tracking systems.
According to the company, BLE proximity authentication is not originally for important applications such as a lock mechanism, it is not an error in the Bluetooth specifications, and it is difficult to fix it with a simple software patch.
For users, it introduces countermeasures such as disabling the unlock function that does not explicitly require authentication. Furthermore, turning off the Bluetooth Low Energy Vulnerability function when it is not advisable.
Prior to the announcement, information has been available to the developers of products that have already been in testing. Moreover, the Bluetooth Special Interest Group (Bluetooth SIG), and discussions on mitigation measures are underway.
How to Protect Yourself Against Vulnerability?
The first thing you should understand is that you can not fix Bluetooth Low Energy Vulnerability with a firmware update of Blutooth. However, there are still some ways that you can use to protect against this BLE Vulnerability.
There is advice from the research department and it’s like “Manufacturers can reduce risk by disabling proximity key functionality. Especilay when the user’s phone or the key fob has been stationary for a while (based on the accelerometer). System makers should give customers the option of providing a second factor for authentication. Or user presence attestation (e.g., tap an unlock button in an app on the phone).”
In other words, the solution to this problem is by the manufacturers and from the client side. Next time you are going to purchase a Bluetooth device then make sure its proximity function is not available.
RELATED | Silent Exit Feature: WhatsApp May Soon Let You Leave Groups Silently