cispa_all_3064.pdf (432.89 kB)

BIAS: Bluetooth Impersonation AttackS

Download (432.89 kB)
conference contribution
posted on 2023-11-29, 18:12 authored by Daniele Antonioli, Nils Ole TippenhauerNils Ole Tippenhauer, Kasper Rasmussen
Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key. Those procedures are used during pairing and secure connection establishment to prevent impersonation attacks. In this paper, we show that the Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment. Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade. We describe each vulnerability in detail, and we exploit them to design, implement, and evaluate master and slave impersonation attacks on both the legacy authentication procedure and the secure authentication procedure. We refer to our attacks as Bluetooth Impersonation AttackS (BIAS). Our attacks are standard compliant, and are therefore effective against any standard compliant Bluetooth device regardless the Bluetooth version, the security mode (e.g., Secure Connections), the device manufacturer, and the implementation details. Our attacks are stealthy because the Bluetooth standard does not require to notify end users about the outcome of an authentication procedure, or the lack of mutual authentication. To confirm that the BIAS attacks are practical, we successfully conduct them against 31 Bluetooth devices (28 unique Bluetooth chips) from major hardware and software vendors, implementing all the major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR.


Preferred Citation

Daniele Antonioli, Nils Tippenhauer and Kasper Rasmussen. BIAS: Bluetooth Impersonation AttackS. In: IEEE Symposium on Security and Privacy (S&P). 2020.

Primary Research Area

  • Secure Connected and Mobile Systems

Secondary Research Area

  • Threat Detection and Defenses

Name of Conference

IEEE Symposium on Security and Privacy (S&P)

Legacy Posted Date


Open Access Type

  • Green


@inproceedings{cispa_all_3064, title = "BIAS: Bluetooth Impersonation AttackS", author = "Antonioli, Daniele and Tippenhauer, Nils Ole and Rasmussen, Kasper", booktitle="{IEEE Symposium on Security and Privacy (S&P)}", year="2020", }

Usage metrics


    No categories selected


    Ref. manager