Bluetooth Reconnection Issues Expands the Threat Landscape for BLESA Attack

25
BLESA attack

In past years, different battery-powered devices have moved to the Bluetooth Low Energy (BLE) adoption protocol due to the battery-saving features. This near-ubiquitous technology has discovered vulnerabilities against a newly discovered attack called BLESA attack.

The improper BLE reconnection procedure has resulted in billions of Android and iOS devices being vulnerable to the new attack, dubbed as the Bluetooth Low Energy Spoofing Attack (BLESA).

Read More: Safeguarding Facilities from Radio Frequency Cyberattacks

Two critical security flaws in the existing BLE link-layer authentication mechanism expose all Bluetooth devices to the dangerous BLESA attack – allowing the attacker to impersonate a BLE server device to provide spoofed data to some previously paired device.

Source: Cyware