Bluetooth vulnerabilities becoming easier to exploit
Codenomicon warns consumers about the poor quality and security of Bluetooth equipment.
Based on Codenomicon’s robustness test results using smart model based fuzzing tools, 80% of all the tests against various Bluetooth devices find critical issues. Every device failed with at least one test suite against a critical communication profile.
“Together with our partners, we have tested over ten different Bluetooth-enabled carkits this year,” says Ari Takanen, CTO of Codenomicon. “We found critical issues in all of them.”
Bluetooth is particularly vulnerable against malformed input. Malformed input may cause Bluetooth device operation to slow down, or device may show unusual behavior or crash completely.
In a worst case scenario, malformed input can be used by an outside attacker to gain unauthorized access to the Bluetooth device.
When vulnerabilities are in low-level communication profiles such as L2CAP, they are not protected by the pairing process. These critical flaws can be exploited without the user accepting or even noticing the connection.
So far, Bluetooth quality and security has not been perceived as a problem. The pairing process and conformance testing is thought to provide enough protection. Bluetooth applications have not offered access to confidential information so there has been little motivation to attack the Bluetooth interface.
However, Bluetooth is becoming more and more critical. Modern carkits and healthcare equipment for example use Bluetooth technology. When the number of critical applications increases, the importance of equipment robustness and reliability grows.
“Bluetooth is mostly used in consumer products and consumers tend to buy the cheaper rather than the best quality product. Unless customers require testing there is no requirement for the manufacturers to build secure code,” concludes Takanen. “Hopefully test reports such as ours will help change the market behavior which will eventually result in Bluetooth equipment we can trust.”