A new Bluetooth relay attack allows cybercriminals to hack into more places Internet-based hackers can unlock and operate vehicles , , and open smart locks at home.
The vulnerability is due to weaknesses in the current implementation Bluetooth Low Energy (BLE). BLE, a wireless technology that authenticates Bluetooth devices physically within close proximity of each other.
“An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through the use of a relay attack,” U.K.-based cybersecurity company NCC Group said. “This may enable unauthorized access to devices in BLE-based proximity authentication systems. “
Relay attacks, also called two-thief attacks, are a variation of person-in-the-middle attacks in which an adversary intercepts communication between two parties, one of whom is also an attacker, and then relays it to the target device without any manipulation.
While mitigations were put in place to stop relay attacks (e.g., imposing time limits for data exchange over BLE or triangulation-based location techniques), the new attack on relay can circumvent these limitations.
” This approach is able to bypass the existing mitigations for relay attacks of latency binding or link layer encryption and bypass localization defenses often used against relay attackers that use signal amplification,” the company stated.
To mitigate such link layer relay attacks, the researchers recommend requiring additional checks beyond just inferred proximity to authenticate key fobs and other items.
This could range from modifying apps to force user interaction on a mobile device to authorize unlocks and disabling the feature when a user’s device has been stationary for over a minute based on accelerometer readings.
After being alerted to the findings on April 4, 2022, the Bluetooth Special Interest Group (SIG) acknowledged that relay attacks are a known risk and that the standard body is currently working on “more accurate ranging mechanisms. “