Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices
According to security researchers, unpatched security bugs remain in Bluetooth chips from companies like Apple, Intel, Qualcomm, Samsung, and others, allowing for Bluetooth Impersonation Attacks (BIAS). Researchers found the vulnerabilities in Bluetooth Classic, allowing attackers to spoof paired devices, posing as a trusted endpoint. This then allows the attackers to gain sensitive data from the other device.
The BIAS attacks that can occur as a result of these vulnerabilities target everything from IoT gadgets, to phones, to laptops, according to researchers. Although the flaws are not yet patched, some affected vendors may have already employed workarounds to the vulnerabilities. Researchers stated that they conducted BIAS attacks on 28 unique Bluetooth chips, concluding that all devices tested were vulnerable to this type of attack, including chips from Cypress, Qualcomm, Apple, Intel, Samsung, and CSR.