Vol. 1 · Ed. 2026
CyberGlossary
Entry № 094

BIAS Attack

What is BIAS Attack?

BIAS Attack: A 2020 Bluetooth Impersonation AttackS technique (CVE-2020-10135) that exploits weak authentication in BR/EDR to impersonate a previously paired peer.


BIAS, the Bluetooth Impersonation AttackS, was disclosed by Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen in May 2020 and tracked as CVE-2020-10135. The attack exploits weaknesses in Bluetooth BR/EDR secure connections, including role switching and the legacy authentication procedure, to impersonate a previously paired device without knowing the long-term link key. An attacker can pose as a trusted headset, phone, or laptop and complete authentication, then exchange data or potentially combine BIAS with KNOB (CVE-2019-9506) to also break encryption. The researchers verified the attack against 30 different Bluetooth chips from Apple, Intel, Qualcomm, Samsung, Cypress, and others. The Bluetooth SIG updated the specification to mandate mutual authentication of role switches, and OS and firmware vendors patched throughout 2020-2021.

Examples

  1. May 2020 IEEE S&P paper demonstrating BIAS against 30 devices from 6 chip vendors.

  2. Chaining BIAS with KNOB to impersonate a peer and break BR/EDR session encryption.

Frequently asked questions

What is BIAS Attack?

A 2020 Bluetooth Impersonation AttackS technique (CVE-2020-10135) that exploits weak authentication in BR/EDR to impersonate a previously paired peer. It belongs to the Attacks & Threats category of cybersecurity.

How do you defend against BIAS Attack?

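Defences for BIAS Attack typically combine technical controls and operational practices. The definition above names two: the Bluetooth SIG specification update that mandates mutual authentication of role switches, and the OS and firmware patches that vendors released throughout 2020-2021.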

What are other names for BIAS Attack?

Common alternative names include: Bluetooth Impersonation Attack, CVE-2020-10135.
