The findings were shared by researchers at the Black Hat USA 2020 virtual event.
There is probably no such mobile device that doesn’t include a Bluetooth feature. Bluetooth is a short-range wireless connection feature that’s an integral element of modern-day cellphones. However, just like it happens with every other cellphone component, even Bluetooth technology has been a target of hack attacks now and then.
With attacks like BlueBorne, KNOB, or BadBlueTooth, cybercriminals have tried to exploit handheld devices to fulfill their nefarious objectives. Now, we can add another Bluetooth vulnerability to this list- BlueRepli.
One of the attacks is dubbed BlueRepli, through which an attacker can bypass Bluetooth authentication on Android devices without detection or requiring any user input. Through BlueRepli, it is possible to steal sensitive data from an Android device, including call records, contacts, and SMS verification codes. Moreover, attackers can send fake SMS messages to the user’s contacts.
The researchers showed their recorded demo videos to demonstrate how they could abuse Bluetooth to steal the entire Phone Book and SMS messages from their targeted device. Through BlueRepli, attackers can bypass authentication by merely imitating as a device that was previously connected with the targeted device. This attack doesn’t require permission from the user for the exploit to work.
For the other attack they discovered, attackers have to target Bluetooth protocols. They can disguise as a trusted application to request permissions that let one Bluetooth device share data with another device, such as a vehicle’s infotainment system.
This attack can only be successful if both the devices have enabled Bluetooth communication, and the victim has approved the attacker’s request for privilege escalation. For in-depth technical details download or visit the PDF link here.
Researchers attending the event noted that these attacks do not work on iOS devices. They also revealed that this zero-day vulnerability results from negligence at part of a particular mobile phone manufacturer, which has made around 100 million Android devices and some inherent security risks in the Android Open Source Project (AOSP).
Surprisingly, the researchers notified Google and ASOP about the Bluetooth vulnerability, but the issue is still there. Google’s spokesperson stated that the company is still developing a patch to fix these issues.
This should not come as a surprise since Google has a history of delaying patches or even getting rid of malicious apps and extensions. Last month, Google was warned about the presence of 6 malicious Chrome extensions carrying ad fraud against 80 million users yet some of the extensions are still available on Chrome web store.