A new Bluetooth relay attack makes it easier than ever for attackers to remotely unlock and control automobiles, open smart locks in homes, and enter protected areas. The weakness lies in how Bluetooth Low Energy (BLE) is used in current products: a wireless technology that many systems rely on to authenticate a device by inferring that it is physically nearby.
“An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through the use of a relay attack,” U.K.-based cybersecurity company NCC Group said. “This may enable unauthorized access to devices in BLE-based proximity authentication systems.”
Relay attacks, also known as two-thief attacks, are a type of person-in-the-middle attack in which two cooperating attackers each position themselves near one of the legitimate devices, capture its traffic, and forward it unaltered to the other, so the devices appear to be within range of each other. Several mitigations have been established against relay attacks, such as imposing response-time limits on the exchange between two BLE-enabled devices and using triangulation-based localization algorithms, but the novel relay attack circumvents these measures.
According to the company, this technique bypasses traditional relay attack mitigations such as latency bounding and link-layer encryption, as well as the localization protections usually deployed against relay attacks based on signal amplification. To protect against link-layer relay attacks, the researchers recommend that key fobs and other devices be authenticated using more than inferred proximity alone.
This might include modifying apps to require user interaction on the mobile device before an unlock is allowed, and disabling passive unlock based on accelerometer readings once a user's device has been immobile for more than a minute. The Bluetooth Special Interest Group (SIG), notified of the findings on April 4, 2022, acknowledged that relay attacks are a known concern. The standards organization is now working on "more accurate ranging mechanisms."
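As an added illustration of the layered check the researchers recommend (this is not code from NCC Group or from the article), the following Python models an unlock policy in which BLE proximity is necessary but not sufficient: the phone must have moved within the last minute, judged from accelerometer samples, and the user must explicitly confirm the action. The 0.05 g motion threshold, the sample readings and the function names are assumptions.

```python
import math

MOTION_TIMEOUT_S = 60.0     # "immobile for more than a minute" -> passive unlock disabled
MOTION_THRESHOLD_G = 0.05   # assumed: deviation from 1 g that counts as movement


class MotionTracker:
    """Records when the phone last moved, from accelerometer samples in g."""

    def __init__(self, start_ts: float) -> None:
        self.last_motion_ts = start_ts

    def feed(self, ts: float, x: float, y: float, z: float) -> None:
        # A resting phone reads roughly 1 g total; anything else is motion.
        magnitude = math.sqrt(x * x + y * y + z * z)
        if abs(magnitude - 1.0) > MOTION_THRESHOLD_G:
            self.last_motion_ts = ts

    def is_stale(self, now_ts: float) -> bool:
        return now_ts - self.last_motion_ts > MOTION_TIMEOUT_S


def unlock_decision(proximity_ok: bool, tracker: MotionTracker,
                    now_ts: float, user_confirmed: bool) -> tuple[bool, str]:
    """Proximity alone never unlocks; motion and an explicit user action are required."""
    if not proximity_ok:
        return False, "proximity check failed"
    if tracker.is_stale(now_ts):
        # A relay can fake the radio range, but it cannot make the phone move.
        return False, "device immobile; passive unlock disabled"
    if not user_confirmed:
        return False, "user action required"
    return True, "unlock"


def demo_scenario() -> list[tuple[bool, str]]:
    """Constructed scenario: phone left on a table for 20 minutes, then picked up."""
    tracker = MotionTracker(start_ts=0.0)
    for ts in range(1, 1201):
        tracker.feed(float(ts), 0.0, 0.0, 1.0)          # resting: no motion recorded
    results = [unlock_decision(True, tracker, 1200.0, False)]   # relayed, phone idle
    tracker.feed(1205.0, 0.3, 0.3, 1.0)                  # user picks the phone up
    results.append(unlock_decision(True, tracker, 1206.0, False))  # moved, no tap yet
    results.append(unlock_decision(True, tracker, 1206.0, True))   # moved and confirmed
    return results


if __name__ == "__main__":
    for allowed, reason in demo_scenario():
        print(allowed, reason)
```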