BLE 5.2 Resolves Key Bluetooth Security Vulnerabilities
One of the major vulnerabilities with Bluetooth security has been eavesdropping.
This is where eavesdroppers trick you into pairing with their devices by misspelling the name of a device your device trusts. They can, for example, give their device the same name you have given your office printer, so when you search for the printer using your phone's Bluetooth, it is the hacker's device you find and connect with first. Upon pairing, they gain access to your entire device.
Another major Bluetooth security issue has been bluesnarfing. This occurs when a hacker pairs with your Bluetooth device without your knowledge and steals or compromises your personal data.
To stage a Bluesnarf attack, a hacker needs to exploit the vulnerabilities present in some deployments of the object exchange (OBEX) protocol, which is widely used to govern the exchange of information between wireless devices. The attacker must then connect to the OBEX Push Profile (OPP), a service which typically doesn’t require authentication, and which is optimized for the easy exchange of digital business cards and other objects.
Bluesnarfing then requires the attacker to connect to an OBEX Push target and perform an OBEX GET request for known filenames. These filenames are specified under the IrMC Specification (a standard for wireless data transfer), and include the likes of “telecom/cal.vcs” (for a device calendar) and “telecom/pb.vcf” (for a device phone book).
Once the OBEX protocol has been compromised, a hacker can synchronize their own system with their targeted victim’s device, in a process known as pairing. If the firmware on a device is unsecured or improperly implemented, an attacker may be able to gain access to and steal all the files whose names are either known or guessed correctly.
They may also be able to gain access to any services available to the targeted user.
Fortunately, many of these Bluetooth security issues have been resolved with the latest version of Bluetooth, BLE 5.2, largely due to an updated SoC (system-on-a-chip) solution.
These new SoCs in BLE 5.2 provide a security feature called Secure Boot with root of trust and secure loader (RTSL) that uses a two-stage bootloader designed to ensure that an EFR32BG22-based system boots only with authenticated firmware.
Conceptually, Secure Boot with RTSL addresses a weakness in older single-stage bootloader systems that permitted hackers to take complete control of a connected system by booting it with compromised firmware.
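The difference between an anchored two-stage chain and a boot chain with no root of trust can be modelled in a few lines. This is an added example, not code from the article or from any vendor: SHA-256 digest pinning stands in for the signature verification a real secure boot performs, and the stage names, image contents and `ROM_PIN` are constructed assumptions.

```python
import hashlib

# Added illustration, not vendor code. Digest pinning stands in for the
# signature check a real secure boot performs, so only the standard
# library is needed. All image contents below are constructed.

def digest(image):
    return hashlib.sha256(image).hexdigest()

def build(code, next_image=None):
    """Return an image whose trailer pins the digest of the stage it loads."""
    pin = digest(next_image) if next_image is not None else "-"
    return code + b"|next=" + pin.encode()

def pinned(image):
    """Read the next-stage digest back out of an image trailer."""
    return image.rsplit(b"|next=", 1)[1].decode()

def boot(stages, rom_pin=None):
    """Walk (name, image) stages in order; return 'booted' or 'halt:<name>'.

    rom_pin is the first-stage digest held in immutable storage. None models
    a design with no root of trust: the first stage runs unverified.
    """
    expected = rom_pin
    for name, image in stages:
        if expected is not None and digest(image) != expected:
            return "halt:" + name
        expected = pinned(image)
    return "booted"

# Genuine two-stage chain, built from the application backwards.
APP = build(b"application v1")
STAGE2 = build(b"second-stage loader", APP)
STAGE1 = build(b"first-stage loader", STAGE2)
ROM_PIN = digest(STAGE1)  # assumed fixed at manufacture

# Tampered images, as installed by someone with write access to flash.
BAD_APP = build(b"tampered application")
BAD_STAGE2 = build(b"tampered second stage", BAD_APP)
BAD_STAGE1 = build(b"tampered first stage", BAD_STAGE2)

def names(*images):
    return list(zip(("stage1", "stage2", "app"), images))

if __name__ == "__main__":
    print(boot(names(STAGE1, STAGE2, APP), ROM_PIN))
    print(boot(names(BAD_STAGE1, BAD_STAGE2, BAD_APP), ROM_PIN))
    print(boot(names(BAD_STAGE1, BAD_STAGE2, BAD_APP)))
```

Without `rom_pin`, a fully replaced chain is internally consistent and boots; with it, the same chain halts at the first stage because nothing in writable flash can change the pinned value.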
Want to learn more? Tonex offers Bluetooth Security Training, a 2-day course covering the security capabilities of Bluetooth. The course provides coverage on Bluetooth weaknesses, threat vectors, Bluetooth security features, Bluetooth attacks and guidelines to organizations employing Bluetooth technologies on securing them effectively.
Additionally, Tonex offers nearly three dozen more courses in Cybersecurity Foundation. This includes cutting edge courses like:
For more information, questions, comments, contact us.