CAPEC-667
Bluetooth Impersonation AttackS (BIAS)
Description
An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the targetâs capabilities.
Prerequisites
Knowledge of a target device's list of trusted connections.
Mitigations
Disable Bluetooth in public places.
Verify incoming Bluetooth connections; do not automatically trust.
Change default PIN passwords and always use one when connecting.
Skills Required
[Low] Adversaries must be capable of using command line Linux tools.
[Low] Adversaries must be in close proximity to Bluetooth devices.