Bluetooth security flaw could allow hackers to intercept your private data
A new Bluetooth security flaw has been discovered that could allow a hacker to intercept your communications and potentially access your private transmission.
The flaw was discovered by researchers from the Israel Institute of Technology, and it’s thought to affect devices using Bluetooth components from Apple, Broadcom, Intel and Qualcomm.
Some Android devices are also thought to be affected, ZDNet reports.
Read more: Internet security guide
The vulnerability allows an attacker to pounce while two Bluetooth devices are in the pairing process. In an ideal world, this process involves both devices validating their cryptographic keys to ensure a secure connection.
However, thanks to this flaw an attacker can use a fake public key to insert their device in between the two Bluetooth devices as they pair in what’s called a “man-in-the-middle” attack.
From there they can then inject their own messages into the Bluetooth communication, in addition to intercepting any messages that are sent.
A difficult attack to pull off
That said, it appears to be quite a difficult attack to pull off. Bluetooth SIG, the organisation in change of the wireless connectivity standard, points out that a successful attack relies on overcoming a number of specific challenges within a very small window.
Firstly, the attacker must be present locally while the two devices are pairing. Secondly they must intercept the valid public keys being exchanged by the two devices, before imitating the transmissions in order to make the two devices think they’ve successfully connected.
Despite the difficulty, any vulnerability can prove devastating in the hands of a motivated hacker, so it’s reassuring to see that manufacturers are working quickly to patch their hardware.
Intel is recommending that users upgrade to the latest version of its firmware, and Dell and Lenovo have already issued driver updates. Meanwhile, Bluetooth SIG has updated its specification to ensure that vendors close the loophole that allows this attack to occur.
It seems that this is an example of the security community acting quickly to fix a security flaw. Security researchers discovered it, and everyone appears to be on the same page as they work towards a fix.
For consumers it seems that you might not have to wait long for a fix. Be sure to keep your drivers and firmware updated to receive a fix when one is available.
What’s your most common use for Bluetooth? Let us know @TrustedReviews.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.