A new tool developed by NCC Group researchers can perform link-layer Bluetooth Low Energy (BLE) relay attacks that evade existing mitigations and protections, including link-layer encryption, latency-bounding checks, and localization approaches, SecurityWeek reports.
NCC Group researchers noted that the new attack, which was tested against Tesla vehicles with a BLE-based passive entry system, can not only forward encrypted link-layer PDUs but also detect and follow encrypted changes to connection parameters.
"This system infers proximity of the mobile device or key fob based on signal strength (RSSI) and latency measurements of cryptographic challenge-response operations conducted over BLE," said NCC Group.
The same attack has been tested and found to be effective on Kevo smart locks. Tesla and Spectrum Brands HHI have already been informed about the attack, while Bluetooth SIG also noted that it was seeking to develop "more accurate ranging mechanisms" to curb such attacks.
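To make the quoted proximity logic concrete, here is an added defender-side model (not NCC Group's tool and not Tesla or Kevo code) of a passive-entry decision that combines an RSSI threshold with a round-trip budget for a challenge-response exchange. It shows why a latency bound only rejects a forwarding path whose added delay exceeds the slack between the native link round-trip and the budget. All thresholds, baseline latencies, and sample readings are constructed assumptions.

```python
"""
Added illustration of an RSSI-plus-latency proximity decision, as described
in the quoted NCC Group text. Not vendor code; every number below is a
constructed assumption for the sake of the example.
"""
from dataclasses import dataclass

# Constructed policy thresholds (assumptions, not any vendor's values).
RSSI_THRESHOLD_DBM = -70.0     # signal at least this strong counts as "near"
MAX_ROUNDTRIP_MS = 30.0        # challenge-response must return within this budget
BLE_NATIVE_LATENCY_MS = 8.0    # assumed round-trip for a genuinely nearby device


@dataclass
class Observation:
    """What the controller measures for one challenge-response exchange."""
    rssi_dbm: float
    roundtrip_ms: float


def proximity_decision(obs: Observation) -> bool:
    """Return True when the controller would treat the device as nearby.

    Both checks must pass: the signal must be strong enough and the
    cryptographic challenge must be answered within the latency budget.
    """
    return obs.rssi_dbm >= RSSI_THRESHOLD_DBM and obs.roundtrip_ms <= MAX_ROUNDTRIP_MS


def observation_via_forwarder(added_latency_ms: float, forwarder_rssi_dbm: float) -> Observation:
    """Model what the controller sees when the genuine device is out of range
    and its link-layer traffic is forwarded by an intermediary near the
    controller: RSSI reflects the nearby forwarder, and the round-trip is the
    native latency plus whatever delay the forwarding path adds."""
    return Observation(
        rssi_dbm=forwarder_rssi_dbm,
        roundtrip_ms=BLE_NATIVE_LATENCY_MS + added_latency_ms,
    )


def latency_slack_ms() -> float:
    """Extra delay the latency bound tolerates before it starts rejecting.

    Any forwarding path that adds less than this passes the latency check,
    which is the gap the reported attack exploits; tightening the budget
    toward the native round-trip shrinks it but also raises false rejects.
    """
    return MAX_ROUNDTRIP_MS - BLE_NATIVE_LATENCY_MS


if __name__ == "__main__":
    nearby = Observation(rssi_dbm=-55.0, roundtrip_ms=9.0)
    far_away = Observation(rssi_dbm=-85.0, roundtrip_ms=9.0)
    print("genuine nearby device accepted:", proximity_decision(nearby))
    print("genuine distant device accepted:", proximity_decision(far_away))
    print("latency slack available to a forwarder (ms):", latency_slack_ms())
    for added in (5.0, 20.0, 40.0):
        seen = observation_via_forwarder(added, forwarder_rssi_dbm=-60.0)
        print(f"forwarder adding {added:>4} ms -> accepted: {proximity_decision(seen)}")
```

The takeaway for a defender is the `latency_slack_ms` value: with these constructed numbers the bound rejects only paths adding more than 22 ms, so a low-latency link-layer relay of the kind described passes both checks, which is why the Bluetooth SIG points to more accurate ranging rather than tighter timing alone.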
Novel Bluetooth LE relay attack detailed