image credit: unsplash
The security flaw allows for an attacker within Bluetooth range of an affected device to spoof the Bluetooth address of a previously bonded remote device, thus successfully authenticating without knowing the link key normally used for establishing an encrypted connection.
“It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS),” a CERT Coordination Center (CERT/CC) alert reads.
Comments are closed.
