Vulnerabilities in the Bluetooth authentication process give attackers a way to insert rogue devices between two securely paired devices, academic researchers find.
Security researchers from three universities in Europe have found multiple weaknesses in the ubiquitous Bluetooth protocol that could allow attackers to impersonate a paired device and establish a secure connection with a victim.
Most standard Bluetooth devices are vulnerable to the issue, according to the researchers, who successfully tested a proof-of-concept attack they developed against 31 Bluetooth devices from major hardware and software vendors. Bluetooth chips from Apple, Intel, Qualcomm, Cypress, Broadcomm, and others are all vulnerable to the attacks. Adversaries can impersonate any Bluetooth-enabled device from smartphones and laptops to IoT devices, the researchers say.