Security researcher develops tool that exploits vulnerability in BLE locks


A security researcher from NCC Group has developed a tool that can bypass certain security mechanisms of Bluetooth Low Energy (BLE) locks. With it, the researcher can carry out a relay attack and, for example, break into cars.

These are locks that unlock when they detect that the key is close enough. That key can be a physical key fob, or one integrated into a smartphone app. The problem lies in how the BLE protocol prevents criminals from intercepting and amplifying a key's signal in order to unlock locks remotely. Users of the protocol apply link layer encryption, for example, or have the lock recognize an amplification attack by the increased latency it introduces.

Researcher Sultan Qasim Khan of the British NCC Group says he has developed a tool that circumvents these measures. His tool relays the link layer data itself, so the encryption remains intact. In addition, the extra latency his tool adds, 8ms, falls within the margins of the BLE protocol.

According to NCC Group, the Bluetooth SIG, which is responsible for the Bluetooth protocol, acknowledges that there is a vulnerability in BLE and has been warning users since 2015 that such relay attacks can be performed. The Bluetooth organization therefore advises that proximity of the key should not be the only protection measure.

At the same time, according to Khan, several companies, including Texas Instruments and Alps Alpine, rely solely on the proximity of a BLE key as a security measure. TI and Alps Alpine develop locks for cars and buildings, for example. Khan exploited the vulnerability in practice with a Tesla Model 3 and suspects that Model Y cars are also susceptible. Khan was able to unlock the car and drive away with it. Tesla told Khan that relay attacks are a "known limitation" of the passive entry system. It is not known whether the vulnerability has been exploited by criminals.

Khan believes that end users should be given more information about BLE vulnerabilities and the choice to disable proximity-based access for the BLE key. Another solution is to use Ultra-Wide Band, or UWB. With UWB, time of flight can be used to verify that the key is actually nearby. Khan also suggests requiring users to perform an action on their smartphone before a lock unlocks.
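To make the contrast between the two checks concrete, here is an added Python model (not code from the article, NCC Group or any vendor) of a latency-based relay check versus UWB time-of-flight distance bounding. The BLE latency budget of 30 ms, the 10 ms base response time and the 2 m UWB bound are assumed illustrative values; only the 8 ms of added relay latency comes from the article.

```python
from dataclasses import dataclass

C_M_PER_S = 299_792_458.0  # speed of light, used for time-of-flight ranging


@dataclass
class ProximityCheck:
    """Models the two proximity-verification approaches discussed above."""
    ble_latency_budget_ms: float  # assumed tolerance of a latency-based relay check
    uwb_max_distance_m: float     # assumed distance bound enforced via UWB time of flight

    def ble_latency_check(self, observed_latency_ms: float) -> bool:
        """Latency heuristic: accept if the key answered within the budget."""
        return observed_latency_ms <= self.ble_latency_budget_ms

    @staticmethod
    def tof_distance_m(round_trip_s: float) -> float:
        """Distance implied by a round-trip time at the speed of light."""
        return C_M_PER_S * round_trip_s / 2.0

    def uwb_tof_check(self, round_trip_s: float) -> bool:
        """Distance bounding: a relay can only add delay, never remove it,
        so any added latency inflates the implied distance."""
        return self.tof_distance_m(round_trip_s) <= self.uwb_max_distance_m


def simulate(check: ProximityCheck, key_distance_m: float,
             base_latency_ms: float, relay_added_ms: float) -> tuple[bool, bool]:
    """Run one unlock exchange, optionally routed through a relay that adds
    relay_added_ms to the round trip. Returns (ble_accepts, uwb_accepts)."""
    # Latency-based check sees stack processing time plus whatever the relay adds.
    ble_seen_ms = base_latency_ms + relay_added_ms
    # UWB ranging sees the physical round trip plus the relay delay.
    uwb_rtt_s = 2.0 * key_distance_m / C_M_PER_S + relay_added_ms / 1000.0
    return check.ble_latency_check(ble_seen_ms), check.uwb_tof_check(uwb_rtt_s)


if __name__ == "__main__":
    check = ProximityCheck(ble_latency_budget_ms=30.0, uwb_max_distance_m=2.0)
    print("genuine key, 1 m away:", simulate(check, 1.0, 10.0, 0.0))
    print("relayed key, +8 ms:  ", simulate(check, 1.0, 10.0, 8.0))
    print("8 ms of flight time looks like %.0f km" % (check.tof_distance_m(0.008) / 1000))
```

The relayed exchange passes the latency heuristic (18 ms is well inside a 30 ms budget) but fails distance bounding, because 8 ms of apparent flight time corresponds to roughly 1,200 km.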

Tesla Model 3
