Over the last few months, a new security flaw called BLESA has been discovered, with the potential to harm electronic devices that work with a Bluetooth wireless connection. In this post, we explain what this technological vulnerability consists of and why it does not affect Omnitec access control devices, electronic locks or safes.
What is BLESA and who does it affect?
BLESA (Bluetooth Low Energy Spoofing Attack) results from a flaw allowing identity theft and affects some technological devices operating with the Bluetooth low energy (BLE) standard.
The main advantage of the BLE protocol is that it facilitates energy optimisation in devices connected to each other wirelessly, thus increasing battery life and allowing greater autonomy, as well as lower consumption of electricity.
Because of this, BLE has been incorporated into electronic devices on a large scale for both private and professional uses, including smartphones, tablets, laptops and a wide range of IoT devices. The BLESA security flaw has the potential to harm all of these devices.
How does BLESA work?
The vulnerability affecting the low energy version of Bluetooth occurs during the most sensitive phase of BLE: that of client-server pairing. It must be remembered that one of the devices involved in the communication works as a transmitter while the rest act as receivers of the wireless signal.
At this stage, the devices are connected to each other by the server authenticating the client as long as they are close to each other. The problem arises when the client moves out of range of the server and re-enters later; that is, in the reconnection phase. At this point, authentication is no longer mandatory but becomes optional.
This lack of authentication is what allows BLESA-type attacks to penetrate the system's protective barrier with falsified data, causing actions and operating processes that are detrimental to the security of people and companies, such as fraudulent online purchases, theft of passwords and personal data or entry of unauthorised personnel in restricted areas.
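The difference between optional and mandatory authentication on reconnection can be modelled in a few lines. This is an added example, not Omnitec's code or the BLE specification's procedure: the `Peer` and `Client` classes, the address and the attribute values are constructed, and an HMAC challenge-response over a key shared at pairing stands in for BLE's link-layer authentication.

```python
import hashlib
import hmac
import secrets


class Peer:
    """A device answering a reconnection; only the genuine server holds the bond key."""

    def __init__(self, address, bond_key=None):
        self.address = address
        self.bond_key = bond_key

    def answer_challenge(self, nonce):
        # Without the bond key, a peer can only guess, so its proof will not verify.
        key = self.bond_key or secrets.token_bytes(16)
        return hmac.new(key, nonce, hashlib.sha256).digest()

    def read_attribute(self):
        return b"status:genuine" if self.bond_key else b"status:forged"


class Client:
    """Client that paired earlier and now sees its server come back into range."""

    def __init__(self, bonded_address, bond_key, require_auth):
        self.bonded_address = bonded_address
        self.bond_key = bond_key
        self.require_auth = require_auth

    def reconnect(self, peer):
        """Return the attribute data accepted from the peer, or None if rejected."""
        if peer.address != self.bonded_address:
            return None
        if self.require_auth:
            nonce = secrets.token_bytes(16)  # fresh per reconnection, prevents replay
            expected = hmac.new(self.bond_key, nonce, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, peer.answer_challenge(nonce)):
                return None
        return peer.read_attribute()


def demo():
    key = secrets.token_bytes(16)    # key established at pairing (constructed)
    addr = "AA:BB:CC:DD:EE:FF"       # constructed address
    genuine, impostor = Peer(addr, key), Peer(addr)  # impostor claims the identity only
    lax = Client(addr, key, require_auth=False)      # authentication optional
    strict = Client(addr, key, require_auth=True)    # authentication mandatory
    return {"lax_genuine": lax.reconnect(genuine), "lax_impostor": lax.reconnect(impostor),
            "strict_genuine": strict.reconnect(genuine), "strict_impostor": strict.reconnect(impostor)}
```

With authentication optional, the client accepts the forged value; with it mandatory, the same peer is rejected before any data is read.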
Why are Omnitec access control systems safe from BLESA?
Fortunately, BLESA does not affect all devices that use BLE, since the vulnerabilities that allow it have only been detected in certain variants of this protocol.
In addition, Omnitec access control devices, electronic locks and safes using BLE have an additional layer of encryption throughout the data transmission process, protecting critical processes that could be threatened by cyberattacks such as BLESA. Therefore, our people flow management systems are totally safe against these types of threats.
Thus, the extra layer of security provided by the encryption of communications between the devices means no one can intercept data from access control systems such as Opak or Digit Hotel, resulting in 100% reliability for any establishment wishing to manage the passage of people to and from their premises safely.
Where do access control systems operate?
Access control systems are especially suitable for entrances to buildings from public places and for common areas in all types of establishments, such as hotels, rental and holiday homes, work areas and cultural, leisure, sporting and institutional premises.
If you are interested in implementing any of these access control systems in your company, do not hesitate to contact us. We will advise you on everything you need to guarantee maximum control and security in your premises.