Bluetooth Protocol Vulnerability Without the User’s Perception

China University of Science and Technology discovered an important security vulnerability in the Bluetooth protocol, and iOS/Android/Hongmeng devices cannot hide.

According to the official news of the University of Science and Technology of China, recently, the team of Professor Xue Kaiping of the School of Cyberspace Security of the University of Science and Technology of China has made important progress in the research of Bluetooth security for mobile devices. The team members have achieved an effective attack on the target device through the Bluetooth protocol vulnerability without the user’s perception, interaction, and malicious program cooperation .

Relevant research results were published at the ACM Conference on Computer and Communications Security 2022 (CCS 2022), the top conference in the field of network security, and won the Best Paper Honorable Mention award of the conference. During the research process, 7 high-risk vulnerabilities and 2 medium-risk vulnerabilities related to the Bluetooth protocol discovered in this research were graded and included by the National Information Security Vulnerability Sharing Platform (CNVD).

According to reports, this research conducted security analysis on the classic Bluetooth protocol, and discovered for the first time security vulnerabilities such as non-fixed roles of Bluetooth devices. Combined with known Bluetooth protocol vulnerabilities, it successively broke through various defense mechanisms such as classic Bluetooth authentication, encryption, and authorization. Without the user’s perception and interaction and without the cooperation of malicious programs, the privilege escalation attack link is silently built, and the link is used to complete attacks such as command injection and information theft on the target device.

This research conducted extensive tests on various smart devices with mainstream operating systems such as Android, iOS, iPadOS, macOS, and HarmonyOS, and found relevant vulnerabilities in all tested devices and completed the attack process .

Naija Tech News learned that Ai Mingrui, a doctoral student from the School of Cyberspace Security, is the first author of the paper, and Professor Xue Kaiping from the School of Cyberspace Security is the corresponding author of the paper. The co-authors of the paper include Professor Robert, Professor Yu Nenghai, Researcher Sun Qibin from the School of Cyberspace Security, Professor Wu Feng from the School of Information Science and Technology, etc.