Bluetooth BIAS Attacks

May 18, 2020

In 2020 we disclosed the Bluetooth Impersonation AttackS (BIAS), a family of high impact attacks affecting Bluetooth’s authentication protocols. The attacks allow impersonating any Bluetooth device during secure session establishment without knowing the long term pairing key. The BIAS attacks are tracked with CVE-2019-9506

IEEE S&P (Oakland) 2020 Paper Teaser

IEEE S&P (Oakland) 2020 Paper Presentation

BIAS + KNOB attack against Bluetooth IACR Attacks in Crypto

From Bluetooth Standard to Standard Compliant 0-days Hardwear.io

bluetooth protocol
Daniele Antonioli
Daniele Antonioli
Assistant Professor

Research in cyber-physical and wireless system security

comments powered by Disqus

Related

Publications

D. Antonioli, M. Payer (2022). On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats. IEEE WOOT.

PDF Cite Code Project Project Slides Video CVE-2019-9506 CVE-2020-10135

D. Antonioli, N. O. Tippenhauer, K. Rasmussen (2020). BIAS: Bluetooth Impersonation AttackS. IEEE S&P.

PDF Cite Code Project Slides Video Teaser Website CVE-2020-10135

Events

BIAS and KNOB attacks against Bluetooth BR/EDR/LE
Bluetooth is a ubiquitous technology for low power wireless communications. Bluetooth runs on billions of devices including mobile, wearables, home automation, smart speakers, headsets, industrial and medical appliances, and vehicles. As a result, Bluetooth’s attack surface is huge and includes significant threats such as identity thefts, privacy violations, and malicious device control.
Aug 18, 2020 00:00 IACR WAC workshop co-located with CRYPTO 2020
BIAS and KNOB attacks against Bluetooth BR/EDR/LE