
From BIAS to Sweyntooth: Eight Bluetooth Threats to Network Security

Bluetooth has revolutionized hands-free communications, but it is not without flaws, particularly in terms of security. Its history of vulnerabilities continues to expose businesses to major security holes. These vulnerabilities give attackers an entry point to read encrypted conversations, disable and/or block devices, and even take remote control of devices.

Dangers of Bluetooth Attacks

There have been many notable Bluetooth vulnerability discoveries in recent years and the sophistication of attacks will only evolve. Disturbingly, hackers no longer need to be near devices to carry out their exploits.

Bluetooth was designed for short-range communications, but because Bluetooth devices contain radios, cyber thieves can exploit a system remotely and then leverage that system’s Bluetooth interface to launch an attack. As such, it is possible for an attacker not only to execute these attacks while in close proximity, but also to carry them out from much further away using low-cost equipment.

Because attackers can carry out attacks remotely via radio, the growing threat that Bluetooth devices pose to network security is a major concern for security teams. Here are the top 8 recent discoveries of Bluetooth vulnerabilities that organizations have had to deal with:

BIAS (Bluetooth spoofing attacks): Earlier this year, a new Bluetooth flaw called BIAS was discovered with the potential to expose billions of devices to hackers. BIAS allows cybercriminals to create an authenticated Bluetooth connection between two paired devices without the need for a dongle.

The attacker is able to take control of the communication between the two devices by impersonating either end, such as a mouse or keyboard, giving the intruder access inside of the targeted device. Once inside, the disguised attacker can then implement malicious exploits such as stealing or corrupting data.

BleedingBit: The attacker can leverage vulnerabilities in Bluetooth Low Energy (BLE) implementation for remote code execution and full machine takeover to infiltrate networks and inject ransomware.

BlueTerminal: An attacker can trigger carefully crafted packets to cause buffer overflows which can be exploited for code execution. The attacker can then take control of a machine running Bluetooth Classic and use it as a potential entry point for ransomware.

Bluetooth Denial of Service (DoS) via Inquiry Flood: This DoS attack targets BLE devices, draining their batteries and preventing them from responding to other legitimate device requests. This is of particular concern for medical devices used in life-threatening situations.

Invalid curve attack at fixed coordinates: Hackers can crack the encryption key for Bluetooth and BLE due to subtle flaws in the Elliptic Curve Diffie-Hellman key exchange process. Attackers can impersonate devices, inject commands, and break in looking for additional security vulnerabilities.

KNOB (Bluetooth negotiation key): An attacker can crack the encryption of a Bluetooth conversation and then eavesdrop to see all encrypted traffic as if it were plain text. The attacker can erase or inject packets, and ransom or publish captured details.

Malicious applications taking advantage of radio frequency interfaces: By exploiting a downloaded app, a cybercriminal can gain access to an iPhone’s camera and microphone without permission. The attacker can then record and exfiltrate the audio and video, then ransom or publish the compromised information.

SweynTooth: An attacker in radio range can trigger hangs, crashes, and buffer overflows or completely bypass security by sending bad packets over the air. This leads to the crashing of devices such as medical equipment, which can cause harm to patients, or other IoT-connected devices in offices or homes.

Fighting Bluetooth exploits

The aforementioned Bluetooth vulnerabilities were not the first and certainly won’t be the last. So how can enterprises protect their networks from current and future Bluetooth attacks? It won’t be easy. Bluetooth is software and therefore will probably never be without vulnerabilities.

Meanwhile, Bluetooth devices are getting smaller, which makes it harder to keep them out of secure facilities. Therefore, organizations must implement strict Bluetooth guidelines and adopt a robust security posture. This includes complete visibility, so that they can identify and recognize the devices that are in their facilities and infrastructure.

It’s also crucial to remove unnecessary devices, components, and interfaces, and to continually patch vulnerable devices and components. As with any security threat, vigilance and early detection are key to preventing attacks and/or limiting potential damage.

