- University researchers figure out a way to sniff Bluetooth signals and access devices from afar.
- The team used inexpensive hardware tools to capture signals from a distance of one kilometer.
- There are hundreds of vulnerable Android apps right now, but fixing the issue should be easy.
A team of researchers from Ohio State University in the U.S. has discovered a new vulnerability in the way that the Bluetooth Low Energy (BLE) devices operate. According to the report that was presented in the recent “Association for Computing Machinery’s Conference on Computer and Communications Security”, the issue is a fundamental flaw in the way the initial pairing of a device and an application takes place. The flaw continues to exist during the BLE operation phase too and is consistent among all BLE devices in the market right now.
When a Bluetooth device tries to pair with an app, it broadcasts a UUID signal, which is a universally unique identifier. This is what enables the app to identify the device and establish a connection between the two. The problem with this phenomenally innocuous process is that malicious actors could launch fingerprinting attacks based on this broadcasting. At the least dangerous scenario, a hacker could determine what Bluetooth device you are using, and in the worst-case scenario, to intercept unencrypted signals and steal sensitive user data.
Building a sniffer that would do the trick is fairly simple and cheap. The team has used a simple Bluetooth receiver adapter coupled with a signal amplifier. While the current generation of Bluetooth technology offers a maximum operational distance of 100 meters, the researchers have found that weak signals go a lot farther. By using an amplifier, they were able to sniff signals at distances that go up to 1000 meters. Based on this, their sniffer captured signals from 5800 Bluetooth Low Energy devices that were active on the Ohio State’s campus and within the range of the device. 94.6% of these could be fingerprinted, while 7.4% were vulnerable to unauthorized access and eavesdropping.
As for the vulnerable devices, the team audited 18166 apps in the Google Play Store and found that 1434 of them are vulnerable to attacks. Apple’s App Store wasn’t included in the research, but the situation there is likely to be similar. As much as all this may sound like a huge issue, it is very easy to fix according to the researchers. The team has already reported their findings to the developers of the vulnerable apps, and they are confident that most of the flaws will be plugged soon.