Quote:The ‘BLESA’ flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said.
A team of academic researchers have discovered a Bluetooth Low Energy (BLE) vulnerability that allows spoofing attacks that could affect the way humans and machines carry out tasks. It potentially impacts billions of Internet of Things (IoT) devices, researchers said, and remains unpatched in Android devices.
The BLE Spoofing Attacks (BLESA) flaw arises from authentication issues in the process of device reconnection — an area often overlooked by security experts. Reconnections occur after two devices are connected and then one moves out of range (or disconnects) and then connects again, according to a paper published recently by researchers at Purdue University. Reconnections are common in industrial IoT environments, for example, where sensors may periodically connect to a server to transmit telemetry data, for instance, before disconnecting and going into monitoring mode.
A successful BLESA attack allows bad actors to connect with a device (by getting around reconnection authentication requirements) and send spoofed data to it. In the case of IoT devices, those malicious packets can convince machines to carry out different or new behavior. For humans, attackers could feed a device deceptive information.
Read more: https://threatpost.com/bluetooth-spoofin...es/159291/
![[-]](https://www.geeks.fyi/images/collapse.png)
