Few days ago The United States Computer Emergency Readiness Team (US-CERT) issued a statement informing the masses about a Bluetooth vulnerability. The fault has been seen on equipment using Qualcomm and Intel chipsets, and Broadcom devices, meaning that almost every Android and Apple user in the world could have become a victim of cybercrime. The vulnerability affects Bluetooth firmware and operating system software drivers, and it allows remote attackers to exploit it to obtain sensitive information.
Attackers within Bluetooth range of two connected devices have been able to utilize a man-in-the-middle network position allowing them to log all information exchanged between the connected devices. The vulnerability lets hackers decrypt, monitor, and even interfere with the traffic sent between the two devices. Millions of devices have been susceptible to being penetrated. A missing validation in the encryption method used in Bluetooth is named as the main reason for the vulnerability – hackers have been able to obtain the keys required to unmask information that is supposed to be encrypted.
Luckily, obtaining the keys is not possible 100% of the time, and even if the OS of one of the connected smart devices is fully up-to-date, hackers are not able to interfere with the connection. In a statement, Bluetooth SIG highlighted that for an attack to be effective, the hacker would not only need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure, but the hacker would also need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. Not a relatively easy task!
All affected vendors have issued patches to address the vulnerability. If you’ve been delaying the software update on your phone or a tablet, now is the perfect time to charge up your smart devices and leave them to perform the updates.
We remind you that Bluetooth exploits are not something unseen and such exploits could be used against you. The best way to avoid becoming a victim of cybercrime is to have quality antivirus software installed on all your smart devices, and to make sure all your devices are running the latest versions of their operations systems. Lastly, turn off your Bluetooth when you are not using it – you will decrease the chances of getting hacked, and you will increase your device battery life.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
Panda Free Antivitus
FREE TECHNICAL SUPPORT
3 comments
Nice Post as it provides what was the reason behind affected Bluetooth vulnerability on Apple iPhone. I go through whole content of your Blog it was easy to learn & understand. Thank you for sharing this relevant information with us.
Your media center is always providing a best information, keep working best every time. i am always impress to use this windows 10 help page for solving my system problems, it is so valuable and useful for finding any windows solution in free of cost.
This website will tell you if the site is down or if it’s a problem on your side. A tool like this checks the HTTP status code that is returned from the server. If it’s anything other than a 200 “Everything is OK” then it will return a down indication.