
BIAS: Bluetooth Impersonation AttackS - aspenmayer
https://francozappa.github.io/about-bias/
======
aspenmayer
In the news:

[https://www.zdnet.com/article/smartphones-laptops-iot-
device...](https://www.zdnet.com/article/smartphones-laptops-iot-devices-
vulnerable-to-new-bias-bluetooth-attack/)

‘TL;DR: The Bluetooth standard provides authentication mechanisms based on a
long term pairing key, which are designed to protect against impersonation
attacks. The BIAS attacks from our new paper demonstrate that those mechanisms
are broken, and that an attacker can exploit them to impersonate any Bluetooth
master or slave device. Our attacks are standard-compliant, and can be
combined with other attacks, including the KNOB attack. In the paper, we also
describe a low cost implementation of the attacks and our evaluation results
on 30 unique Bluetooth devices using 28 unique Bluetooth chips.‘

