Mobile applications that work with Bluetooth devices have a built-in design flaw that makes them vulnerable to hacks, a new research study revealed.
According to Zhiqiang Lin, associate professor at The Ohio State University, Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are susceptible to hacking when they communicate with their paired apps. This is due to the universally unique identifier (UUID), which allows the mobile apps to recognize the Bluetooth device, leaving the device vulnerable to a fingerprinting attack.
“There is a fundamental flaw that leaves these devices vulnerable – first when they are initially paired to a mobile app, and then again when they are operating,” Lin explained.
The professor revealed that while the scale of the vulnerability varies, it remains to be consistent concern among Bluetooth Low Energy devices that may lead to tons of possible security problems.
“At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps,” Lin said. “But in some cases in which no encryption is involved or encryption is used improperly between mobile apps and devices, the attacker would be able to ‘listen in’ on your conversation and collect that data.”
To identify how widespread the vulnerability is, the researchers developed a hacking device called a “sniffer” and toured around the university’s 1.28 square-mile campus. The experiment resulted in the discovery of about 5,800 Bluetooth Low Energy devices, of which, 94.6% were able to be “fingerprinted” (or identified) by an attack.
In addition to this, the team also identified 1,434 apps in Google Play that can allow unauthorized access to one’s device.
“The typical understanding is that Bluetooth Low Energy devices have signals that can only travel up to 100 meters,” the professor said. “But we found that with a simple receiver adapter and amplifier, the signal can be ‘sniffed’ (or electronically found) much farther – up to 1,000 meters away.”
In response to the discovered flaw, Lin and his team provided recommendations to app developers and to Bluetooth industry groups.
“It was in the initial app-level authentication, the initial pairing of the phone app with the device, where that vulnerability existed. If app developers tightened defenses in that initial authentication, he said, the problem could be resolved,” Lin concluded.