More and more Internet of Things (IoT) devices are at risk of ending up in the hands of cybercriminals.
According to a research paper written by SecuRing security expert Slawomir Jasek, millions of Bluetooth-enabled devices are in danger of being hijacked by malicious actors. The paper, called GATTacking Bluetooth Smart Devices, reveals that attacks on Bluetooth 4 and Bluetooth Low Energy (LE) put connected devices at risk.
Bluetooth LE has become one of the most preferred methods of connecting two IoT devices (tablets, smartphones, etc.), due to its low energy consumption. The connection is usually handled by a specially built app running on both devices.
Last week, at the Black Hat security conference, Jasek presented a new attack on the Bluetooth LE protocol. The attack allows cyber crooks to spoof some of the protocol's lower communication layers, which are exchanged before a device has been authenticated and paired with an app via cryptographic operations. The attacker can thereby become the Man in the Middle (MitM) between the app and the Bluetooth LE device. To demonstrate that this is not mere speculation and could actually happen, Jasek developed a tool that executes such attacks. It is called GATTacker and it is open-sourced on GitHub.
More detailed information about real-world scenarios in which GATTacker can be used can be found in section 4.1.1 of Jasek's paper.
In a smart home scenario, for instance, the attacker can disconnect the user's application from the home management system by telling the app that the IoT home automation system is off, so the owner no longer has control over their house. This tactic could also be used against anti-theft systems, security cameras, etc.
Moreover, GATTacks can also be used to intercept, inject or overwrite commands. For example, the user sends a "lock" command to their smart cat locking system, but the attacker intercepts it and overwrites it with "unlock", leaving the cat ready to be stolen.
Jasek explains that the cyber crook has to be close to both the victim's smartphone and the IoT device for the GATTack to succeed. On the other hand, if the attacker intends to infect the smartphone with malware, they may not need to be so nearby.
According to the researchers, manufacturers who want to prevent their products from being GATTacked need to use random MAC addresses properly, use bonding and BLE encryption, avoid static passwords, and beware of misconfigurations.
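The following simulation is an added example and is not code from the article, from Jasek's paper or from the GATTacker project. It models the command-overwrite scenario above (a "lock" write rewritten to "unlock" by a relay sitting between app and device) and one of the recommended countermeasures: binding writes to a key that the relay never learns. The SmartLock and App classes, the counter|command|tag framing and the HMAC-SHA256 tag are all my own assumptions for illustration; in a real product the key would be established through BLE bonding or an out-of-band provisioning step, and a relay inserted before pairing cannot derive it. Nothing here touches Bluetooth hardware.

```python
import hashlib
import hmac
import os

# Constructed toy: a BLE peripheral (a smart lock) exposing one writable GATT
# characteristic that accepts "lock"/"unlock". Purely in-memory, no radio.


class SmartLock:
    """Device side. With shared_key=None it obeys plain, unauthenticated
    writes; with a key it expects counter|command|HMAC-SHA256 tag."""

    def __init__(self, shared_key=None):
        self.locked = True
        self.shared_key = shared_key
        self.last_counter = -1  # highest counter accepted so far (anti-replay)

    def write_characteristic(self, value: bytes) -> str:
        if self.shared_key is None:
            return self._apply(value)
        parts = value.split(b"|", 2)  # tag is raw bytes and may itself contain b"|"
        if len(parts) != 3:
            return "rejected: malformed"
        counter_b, command, tag = parts
        expected = hmac.new(self.shared_key, counter_b + b"|" + command, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"  # payload was altered in transit
        counter = int(counter_b)
        if counter <= self.last_counter:
            return "rejected: replay"  # an old, previously accepted write
        self.last_counter = counter
        return self._apply(command)

    def _apply(self, command: bytes) -> str:
        if command == b"lock":
            self.locked = True
            return "locked"
        if command == b"unlock":
            self.locked = False
            return "unlocked"
        return "rejected: unknown command"


class App:
    """Phone-app side: builds the bytes written to the characteristic."""

    def __init__(self, shared_key=None):
        self.shared_key = shared_key
        self.counter = 0

    def build_write(self, command: str) -> bytes:
        if self.shared_key is None:
            return command.encode()
        self.counter += 1
        msg = str(self.counter).encode() + b"|" + command.encode()
        tag = hmac.new(self.shared_key, msg, hashlib.sha256).digest()
        return msg + b"|" + tag


def relay_tamper(raw: bytes) -> bytes:
    """Models the MitM position from the article: the relay forwards the app's
    write but rewrites a "lock" command into "unlock". It cannot produce a
    valid tag for the altered bytes because it never learns the key."""
    parts = raw.split(b"|", 2)
    if len(parts) == 1:
        return b"unlock" if raw == b"lock" else raw
    counter_b, command, tag = parts
    if command == b"lock":
        return counter_b + b"|unlock|" + tag
    return raw


def scenario_plain():
    """Unauthenticated writes: the rewritten command is obeyed by the device."""
    app, lock = App(), SmartLock()
    result = lock.write_characteristic(relay_tamper(app.build_write("lock")))
    return result, lock.locked


def scenario_authenticated():
    """Authenticated writes: both the rewrite and a replay are refused."""
    key = os.urandom(32)  # assumed to come from bonding / out-of-band provisioning
    app, lock = App(key), SmartLock(key)
    outcomes = [lock.write_characteristic(relay_tamper(app.build_write("lock")))]
    genuine_unlock = app.build_write("unlock")
    outcomes.append(lock.write_characteristic(genuine_unlock))
    outcomes.append(lock.write_characteristic(app.build_write("lock")))
    outcomes.append(lock.write_characteristic(genuine_unlock))  # captured earlier, replayed
    return outcomes, lock.locked


if __name__ == "__main__":
    print(scenario_plain())
    print(scenario_authenticated())
```

The plain scenario shows why a relay that merely forwards traffic is enough to flip the command; the authenticated scenario shows that once writes carry a key-bound tag and a monotonic counter, the same relay can only drop or delay writes, which is the availability problem described in the smart home paragraph and is detectable on the app side as a missing acknowledgement.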