Your Yello Ring Road To Success
GOOGLE LOGIN MY ADS MY SHOP

New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars

A novel Bluetooth relay attack can let cybercriminals more
easily than ever remotely unlock and operate cars[1], break open residential smart
locks[2], and breach secure
areas.

The vulnerability has to do with weaknesses in the current
implementation of Bluetooth Low Energy (BLE), a wireless technology
used for authenticating Bluetooth devices that are physically
located within a close range.

“An attacker can falsely indicate the proximity of Bluetooth LE
(BLE) devices to one another through the use of a relay attack,”
U.K.-based cybersecurity company NCC Group said[3]. “This may enable
unauthorized access to devices in BLE-based proximity
authentication systems.”

Relay attacks[4], also called two-thief
attacks, are a variation of person-in-the-middle attacks in which
an adversary intercepts communication between two parties, one of
whom is also an attacker, and then relays it to the target device
without any manipulation.

While various mitigations have been implemented to prevent relay
attacks, including imposing response time limits during data
exchange between any two devices communicating over BLE and
triangulation-based localization techniques, the new relay attack
can bypass these measures.

“This approach can circumvent the existing relay attack
mitigations of latency bounding or link layer encryption, and
bypass localization defenses commonly used against relay attacks
that use signal amplification,” the company said.

CyberSecurity

To mitigate such link layer relay attacks, the researchers
recommend requiring additional checks beyond just inferred
proximity to authenticate key fobs and other items.

This could range from modifying apps to force user interaction
on a mobile device to authorize unlocks and disabling the feature
when a user’s device has been stationary for over a minute based on
accelerometer readings.

After being alerted to the findings on April 4, 2022, the
Bluetooth Special Interest Group (SIG[5]) acknowledged that relay
attacks are a known risk and that the standard body is currently
working on “more accurate ranging mechanisms.”

References

  1. ^
    unlock
    and operate cars     (research.nccgroup.com)
  2. ^
    break
    open residential smart locks
    (research.nccgroup.com)
  3. ^
    said
    (research.nccgroup.com)
  4. ^
    Relay
    attacks     (en.wikipedia.org)
  5. ^
    SIG
    (en.wikipedia.org)

Read more