BIAS Attacks

May 18, 2020

The Bluetooth Impersonation AttackS (BIAS) exploits standard-compliant vulnerabilities in the Bluetooth authentication procedures. The attacks allow an attacker to impersonate any Bluetooth master and slave device during secure session establishment without knowing the long term pairing key. The attacks work regardless of the Bluetooth security mode (legacy and secure authentication procedures), and hardware and software implementation details. The BIAS attack is listed as CVE-2019-9506

Teaser

Presentation at IEEE S&P 2020

protocol bluetooth bias
Daniele Antonioli
Daniele Antonioli
Postdoc at EPFL

I’m interested in cyber-physical and wireless systems security.

comments powered by Disqus

Related

Publications

D. Antonioli, N. O. Tippenhauer, K. Rasmussen (2020). BIAS: Bluetooth Impersonation AttackS. IEEE S&P.

PDF Code Project Slides Video Teaser Website CVE-2020-10135

Talks

BIAS and KNOB attacks against Bluetooth BR/EDR/LE

BIAS + KNOB attack against Bluetooth:
Aug 18, 2020 00:00 IACR WAC workshop co-located with CRYPTO 2020
Project Project Slides Video