A few days ago, the United States Computer Emergency Readiness Team (US-CERT) issued a statement informing the masses about a Bluetooth vulnerability. The fault has been seen on equipment using Qualcomm and Intel chipsets, and Broadcom devices, meaning that almost every Android and Apple user in the world could have become a victim of cybercrime. The vulnerability affects Bluetooth firmware and operating system software drivers, and it allows remote attackers to obtain sensitive information.
Attackers within Bluetooth range of two connected devices have been able to utilize a man-in-the-middle network position allowing them to log all information exchanged between the connected devices. The vulnerability lets hackers decrypt, monitor, and even interfere with the traffic sent between the two devices. Millions of devices have been susceptible to being penetrated. A missing validation in the encryption method used in Bluetooth is named as the main reason for the vulnerability – hackers have been able to obtain the keys required to unmask information that is supposed to be encrypted.
Luckily, obtaining the keys is not possible 100% of the time, and if the OS of even one of the connected smart devices is fully up to date, hackers are not able to interfere with the connection. In a statement, Bluetooth SIG highlighted that for an attack to be effective, the hacker would not only need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure, but would also need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. Not an easy task!
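The missing validation described above can be pictured as the check below. This is an added example, not code from US-CERT, Bluetooth SIG or any vendor patch. It assumes the pairing key exchange is ECDH on the NIST P-256 curve and that keys arrive as 64 bytes (X then Y, big-endian here); the function names and sample keys are hypothetical and constructed for the illustration.

```python
# NIST P-256 domain parameters (public constants): y^2 = x^3 + A*x + B mod P
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPeerKey(ValueError):
    """Raised when a received public key must not be used for key agreement."""


def is_on_curve(x: int, y: int) -> bool:
    """True only if (x, y) are in range and satisfy the curve equation."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_public_key(raw: bytes) -> tuple[int, int]:
    """Decode a 64-byte X||Y key (encoding assumed) and validate it."""
    if len(raw) != 64:
        raise InvalidPeerKey("public key must be exactly 64 bytes")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    if not is_on_curve(x, y):
        raise InvalidPeerKey("point is not on P-256")
    return x, y


def pairing_decision(raw: bytes) -> str:
    """Abort pairing before any shared secret is derived from a bad key."""
    try:
        parse_peer_public_key(raw)
    except InvalidPeerKey:
        return "abort"
    return "continue"


# Constructed samples: the curve's base point stands in for a genuine key;
# the second copy has one bit of Y changed, as if altered in transit.
GENUINE = GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
TAMPERED = GENUINE[:-1] + bytes([GENUINE[-1] ^ 0x01])

if __name__ == "__main__":
    print("genuine key :", pairing_decision(GENUINE))
    print("tampered key:", pairing_decision(TAMPERED))
```

A device that skips this check goes on to derive its encryption key from whatever point it received, which is why patched firmware and drivers reject the key and stop pairing instead.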
All affected vendors have issued patches to address the vulnerability. If you’ve been delaying the software update on your phone or tablet, now is the perfect time to charge up your smart devices and leave them to perform the updates.
We remind you that Bluetooth exploits are nothing new, and such exploits could be used against you. The best way to avoid becoming a victim of cybercrime is to have quality antivirus software installed on all your smart devices, and to make sure all your devices are running the latest versions of their operating systems. Lastly, turn off your Bluetooth when you are not using it – you will decrease the chances of getting hacked, and you will increase your device battery life.