Warning over new Bluetooth security vulnerability

Devices become vulnerable when they are initially paired to a mobile app

Researchers from Ohio State University have discovered a flaw in Bluetooth devices that leaves them vulnerable to hacking.

According to the researchers, this particular issue stems from the way in which Bluetooth Low Energy (BLE) devices communicate with the mobile apps that control them.

BLE devices are special types of Bluetooth devices designed to provide significantly lower power consumption. BLE technology is now used in most modern gadgets and is specifically aimed at novel applications in the security, healthcare, fitness and home entertainment industries.

"There is a fundamental flaw that leaves these devices vulnerable - first, when they are initially paired to a mobile app, and then again when they are operating," said Zhiqiang Lin, associate professor of computer science and engineering at the Ohio State University.

In order to establish communication with a mobile app for the first time, a Bluetooth device broadcasts a universally unique identifier (UUID), which enables the app to recognise the device and initiate communication with it.

According to the researchers, these device identifiers are also embedded into the mobile app code, which makes BLE devices vulnerable to fingerprinting attacks. Because of this design flaw, hackers can easily determine whether a user has a particular Bluetooth device in their home. To do that, they just need to track the UUIDs being broadcast.
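A device owner or vendor can check which static service UUIDs a device exposes by decoding a captured advertising payload, as in the sketch below. This is an added example, not code from the researchers; the function name, the sample payload and the 128-bit vendor UUID in it are constructed for illustration.

```python
import uuid

BASE_TAIL = "-0000-1000-8000-00805f9b34fb"  # tail of the Bluetooth Base UUID

# AD types listing service UUIDs -> width of each UUID in bytes
UUID_LIST_TYPES = {0x02: 2, 0x03: 2, 0x04: 4, 0x05: 4, 0x06: 16, 0x07: 16}
# Service Data AD types: one UUID of this width, followed by data
SERVICE_DATA_TYPES = {0x16: 2, 0x20: 4, 0x21: 16}


def _to_uuid(raw: bytes) -> str:
    """Expand a little-endian 16/32/128-bit UUID to its canonical string."""
    be = raw[::-1]
    if len(be) == 16:
        return str(uuid.UUID(bytes=be))
    return be.hex().rjust(8, "0") + BASE_TAIL


def exposed_service_uuids(adv: bytes) -> list[str]:
    """Return every service UUID visible in one advertising payload."""
    found, i = [], 0
    while i < len(adv):
        length = adv[i]
        if length == 0:
            break  # zero length marks padding at the end of the payload
        if i + 1 + length > len(adv):
            raise ValueError(f"AD structure at offset {i} overruns payload")
        ad_type, data = adv[i + 1], adv[i + 2:i + 1 + length]
        if ad_type in UUID_LIST_TYPES:
            w = UUID_LIST_TYPES[ad_type]
            if len(data) % w:
                raise ValueError(f"UUID list at offset {i} has a partial entry")
            found += [_to_uuid(data[j:j + w]) for j in range(0, len(data), w)]
        elif ad_type in SERVICE_DATA_TYPES:
            w = SERVICE_DATA_TYPES[ad_type]
            if len(data) < w:
                raise ValueError(f"service data at offset {i} is too short")
            found.append(_to_uuid(data[:w]))
        i += 1 + length
    return list(dict.fromkeys(found))  # de-duplicate, keep first-seen order


# Constructed sample: Flags, then 16-bit 0x180D (Heart Rate), then a
# made-up 128-bit vendor UUID; both UUIDs are stored little-endian.
SAMPLE_ADV = bytes.fromhex(
    "020106" "03030d18" "1107" "f0debc9a785634127856341278563412")

if __name__ == "__main__":
    for u in exposed_service_uuids(SAMPLE_ADV):
        print(u)
```

A vendor-specific 128-bit UUID that never changes is the kind of value that identifies a product line, whereas a standard 16-bit service UUID is shared by many devices.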

And if the Bluetooth device and mobile apps use weak encryption during communication, an attacker could also intercept the data being transferred between them.

The researchers said they performed an experiment using a hacking device on Ohio State's campus and were able to sniff the signals of hundreds of BLE devices up to 1,000 metres away.

They took their 'sniffer' around a 3.30-square-kilometre area and found more than 5,800 BLE devices. Of those, 94.6 per cent could be identified by an attacker, while 7.4 per cent were vulnerable to eavesdropping or unauthorised access.

This is not the first time that researchers have reported vulnerabilities in Bluetooth devices.

In July, researchers from Boston University warned about a bug in the Bluetooth communication protocol that they said could enable cybercriminals to track Bluetooth devices, including laptops and smartphones manufactured by Apple and Microsoft.

In August, researchers described another significant vulnerability, dubbed "Key Negotiation of Bluetooth attack" or KNOB, that affected Bluetooth BR/EDR devices using specification versions 1.0 to 5.1.

The researchers said that the flaw could enable hackers to brute-force the encryption key used by devices during pairing, and so manipulate or monitor the data transferred between the paired devices.