BIAS: Bluetooth Impersonation AttackS
- Submitting institution
-
University of Oxford
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 12529
- Type
- E - Conference contribution
- DOI
-
10.1109/sp40000.2020.00093
- Title of conference / published proceedings
- 2020 IEEE Symposium on Security and Privacy (SP)
- First page
- 549
- Volume
- 2020-May
- Issue
- -
- ISSN
- 1081-6011
- Open access status
- Exception within 3 months of publication
- Month of publication
- July
- Year of publication
- 2020
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
2
- Research group(s)
-
-
- Citation count
- 0
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This paper exposes possible attacks on the Bluetooth device authentication mechanism, enabling an attacker to impersonate even a previously paired device. This critical vulnerability allows a malicious party to masquerade as a legitimate one, compromising secure communication between Bluetooth devices. Following our responsible disclosure, the Bluetooth SIG (the industry standards body) issued a statement outlining changes to the core standard to address this vulnerability. NIST has given the vulnerability a new CVE number (CVE-2020-10135), and CERT has issued their own statement detailing which major vendors are affected; these include Apple, Broadcom, Cypress Semiconductor, Intel, QUALCOMM, and Samsung.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -