Apple is held in high regard when it comes to user data privacy and security. However, even Apple products aren’t foolproof and we get to see some vulnerabilities from time to time. A new report states that some iPad, iPhone, and Mac models are vulnerable to short-range attacks via Bluetooth.
The Bluetooth attack involves fooling some Apple devices into thinking that they’re connected to a previously connected, trusted device. This would enable an attacker to request or send data via Bluetooth. However, the same vulnerability is also found in chips made by Intel, Qualcomm, and Samsung, which means a wide-range of non-Apple devices are also affected by this bug.
The vulnerability uses a technique that involves impersonating a previously-paired device and is known as Bluetooth Impersonation AttackS (BIAS). Such type of device allows attackers to pose their device as a master or a slave, which makes it even more dangerous. The target device can be asked to send data or accept data (from devices like keyboards).
Any device that supports the Bluetooth Classic protocol is vulnerable to this type of attack. Some vulnerable Apple devices include iPhone 8 or older devices, 2018 or older iPads, and 2017 or older MacBook Pro laptops. Such short-range Bluetooth attacks can be carried out using dirt-cheap hardware like Raspberry Pi.
A device could pose to be a previously-connected device and has support for only the lowest level of Bluetooth security, which is unilateral authentication. Once a vulnerable device agrees to be in-charge of authentication, the attacker sends another request so that it can take control of authentication through role switching. Due to a bug in this protocol, the vulnerable device just agrees to the request and trusts the attacking device.
The research team that found the bug has reported it to the Bluetooth SIG (Bluetooth governing body) in December 2019. It held back on publicly reporting the vulnerability so that workarounds could be developed in the meantime. You can watch the video below to know more about BIAS.
The Bluetooth vulnerability seems pretty simple, and even cheaper hardware could be used to attack vulnerable devices. So, if you want to stay safe from such short-range attacks, it’s best to keep your Bluetooth connection turned off when you’re not using it, especially if you’re using the listed vulnerable products.