Posted on 30th of September, 2020
Does the 'BLESA' Bluetooth security flaw affect my SALTO KS access control?
Amid the new technologies and strategies the tech industry has adopted in response to recent events, another topic has taken the spotlight. Security researchers have recently warned of a new security vulnerability affecting Bluetooth Low Energy (BLE) devices, including smartphones, tablets, laptops and IoT devices running the BLE protocol. The attack is known as BLESA (Bluetooth Low Energy Spoofing Attack). As you may already know, the SALTO KS wireless network platform and Mobile Key use BLE-based technology to open a lock electronically, instantly granting you keyless smart access.
In this blog post, we will inform you about BLESA, as well as why you need not worry about the threat affecting your access control with SALTO KS.
What is BLE?
BLE (Bluetooth Low Energy) is a compact and smart version of traditional Bluetooth, designed to be more energy-efficient: it conserves battery power without compromising connectivity.
As a result of its battery-saving features, BLE is widely integrated into many IoT and wireless smart devices.
Furthermore, to ease its adoption, BLE requires little to no user interaction for establishing a connection between two devices.
What do I need to know about BLESA?
According to research, the BLESA vulnerability manifests itself during the pairing and bonding process, in which the client and the server authenticate in order to pair with each other.
During the authentication process, a nearby attacker can bypass reconnection verifications. This could result in spoofed data being sent to a BLE device with incorrect information, which could “induce human operators and automated processes into making erroneous decisions.”
I use the SALTO KS Mobile Key. Do I need to worry?
SALTO Systems devices do not use the BLE authentication process that creates the window of vulnerability for this attack, either during access control platform network configuration or during communications. This means that the SALTO KS Mobile Key ‘way of opening’ and daily cloud-based operations do not bear this risk.
Defence against most Bluetooth attacks usually means pairing devices in controlled environments and network architectures, but defending against BLESA is much harder because the attack targets the more frequently occurring reconnect operation. When SALTO KS implemented BLE technology into its access control platforms to achieve smart-locking communication between the network and devices of the system, we decided to use SALTO security measures instead of standard BLE security measures, which adds an extra security layer.
We did this specifically to avoid the risk of being affected by these types of attacks or technology vulnerabilities.
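The general idea of a security layer above the BLE link can be illustrated with a generic challenge-response check. This is an added example, not SALTO's protocol (which this post does not describe): data arriving over a connection is accepted only if it carries a MAC bound to a fresh challenge. The pre-shared key, the message layout and the `state=...` payloads are constructed assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed length, so nonce || payload is unambiguous


def make_tag(key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Peer side: bind the payload to the client's fresh nonce."""
    return hmac.new(key, nonce + payload, hashlib.sha256).digest()


class Client:
    """Accepts data only if authenticated for a challenge this client issued."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued and not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, payload: bytes, tag: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used challenge: replay
        self._pending.discard(nonce)  # single use, pass or fail
        expected = make_tag(self._key, nonce, payload)
        return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed; assumed provisioned out of band
    client = Client(key)
    results = {}
    # 1. Genuine peer holds the key.
    n1 = client.challenge()
    genuine = (n1, b"state=locked", make_tag(key, n1, b"state=locked"))
    results["genuine"] = client.accept(*genuine)
    # 2. Spoofed peer after a reconnection: the link is up, but it has no key.
    n2 = client.challenge()
    forged = make_tag(secrets.token_bytes(32), n2, b"state=unlocked")
    results["spoofed"] = client.accept(n2, b"state=unlocked", forged)
    # 3. Replay of the earlier genuine message, nonce included.
    results["replayed"] = client.accept(*genuine)
    # 4. Old payload and tag presented against a new challenge.
    n3 = client.challenge()
    results["stale_tag"] = client.accept(n3, genuine[1], genuine[2])
    return results
```

Because the check does not depend on the state of the BLE link, a peer that reconnects without proving possession of the key cannot get its data accepted.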
In summary, regarding the recent BLESA Bluetooth spoofing attacks, we assure you that this vulnerability will neither affect your use of SALTO KS access control nor your devices.
SALTO KS provides a flexible access control management system that requires no software installation or the added expense of a fully-wired electronic product. Modern cloud-based, wireless access control systems are easy and simple to use for businesses including Coworking Spaces, Coliving Buildings, Purpose Built Student Accommodation, Retail, Multi-Tenant Housing, Gyms and many more. Our best-in-class wireless access control solution and smart locks guarantee efficiency for your business. Integrate smart locks and start easily managing wireless access control now!