the Chromium logo

The Chromium Projects

Bluetooth BIAS on Chrome OS

Bluetooth BIAS on Chrome OS

(CVE-2020-10135)

Vulnerability Impact

BIAS is a group of vulnerabilities in the Bluetooth (BT) specification which allow an attacker to impersonate a BT accessory after pairing. This is considered low severity on Chrome OS as no known features rely solely on the BT accessory claiming successful authentication.

Vulnerability Description

The BT standard does not mandate mutual authentication. An attacker’s BT device can authenticate with the OS and advertise to the host OS that it is authenticated as an already paired keyboard. If the host OS does not perform a mutual authentication, but assumes that the BT device’s authentication message is legitimate, the BT device in question could be a different device than which was originally paired.

Chrome OS Response

Chrome OS has audited our BT implementation for any code that makes trust decisions based on the HCI_Authentication_Complete event. Bluetooth chipsets are encouraged to enforce mutual authentication. Chrome OS is also working on future specification changes with the Bluetooth community. Chrome OS includes the patch for CVE-2019-9506, which mitigates the risks posed by the BIAS attacks.

Affected Devices

All Chrome OS devices and versions are impacted.