LOADING...
Log in and
comment
Username or Email
Password
Forgot password?
Or
Join and
publish
You're almost done! Define a user name and password.
Username
Email
Password
Senha
» Tip Us Hey you, we are hiring! Join us if you are an author, developer or designer!

Bluetooth vulnerability found on devices could attract attackers to intercept

27 July 2018 4

Many Bluetooth-enabled devices are under serious threat that could invite a remote attacker. According to CERT, this is a serious security vulnerability that if neglected could attract man-in-the-middle attack which may determine the cryptographic keys used by the two devices while transferring of the data. The attacker can then intercept and decipher or forger and inject device messages.

This serious security vulnerability isn’t just limited to smartphones but found in the wide range of Bluetooth-enabled devices including the PCs, tablets, and other devices.

The issue resides within the data encryption process when information is transferred from one device to another. There’s a missing check in the keys (Diffie-Hellman key exchange), so an attacker can intercept easily.

According to CERT's report, all devices that use Qualcomm, Intel or Broadcom chips are vulnerable. Those who have applied the security patch since June are under no threat but who haven’t updated till now should be more cautious. They should install the latest software update as soon as it becomes available.

CERT also writes "Bluetooth device users are encouraged to consult with their device vendor for further information."

As the vulnerability is identified, the Bluetooth specifications have been updated by Bluetooth SIG. So, a remedy to the vulnerability has been issued from a specification perspective. The Bluetooth SIG has added testing for this vulnerability within its Bluetooth Qualification Program as well. Bluetooth SIG has released a public statement as well which you can read from the link provided below.

According to CERT’s report, the status of Microsoft and RSA Security LLC is written “Not Affected,” while Apple and Google vendors’ products are affected.


4

Comments

Join our community » Bluetooth vulnerability found on devices could attract attackers to intercept
Android

Top 5 best bezel-less smartphones | February 2019

Android

Top 5 Compact smartphones available for purchase in January 2019

Android

Best dual front camera smartphones | February 2019

Android

Top 5 pocket friendly tablets under $200 in 2018