The Bluetooth Special Interest Group reported today an update to the Bluetooth Core Specification to stop Bluetooth BIAS attacks from downgrading the Bluetooth Classic protocol to a less secure legacy authentication mode.
Manufacturers that make Bluetooth devices are expected to roll put firmware updates in the coming months.
Affected Apple Devices
- iPhone 8 and later
- 2017 MacBook Pro and later
- 2018 iPad and later
BIAS, short for Bluetooth Impersonation AttackS, is when “an attacking device spoofing the address of a previously bonded remote device to successfully complete the authentication procedure with some paired/bonded devices while not possessing the link key.”
Translation: An attack device like a Raspberry Pi can pretend to be one of your previously paired devices. There are two modes in which data can either be sent to the target, or received by the attacker. The attack would of course have to come within Bluetooth range which is typically around 30 feet for modern Bluetooth protocols.
The update to the Bluetooth Core Specification that Bluetooth SIG is rolling out would add clarification as to when mode switching is permitted. It also requires mutual authentication in older Bluetooth authentication protocols, and recommends checks for encryption type so that it can’t be downgraded to older, less secure encryption.