Home » News » General » New Bluetooth vulnerability affects all devices and could allow an attacker to snoop on your data

New Bluetooth vulnerability affects all devices and could allow an attacker to snoop on your data

By Shubham Sharma | Updated on 04-Jun-2020
New Bluetooth vulnerability affects all devices and could allow an attacker to snoop on your data
Shubham Sharma Shubham Sharma
26 Jul 2018 17:18
HIGHLIGHTS

Devices made by vendors like Apple, Intel, Broadcom, and some Android devices are reportedly affected by the Bluetooth bug.

Computer Emergency Response Team (CERT) has published a report on a serious Bluetooth vulnerability, which not only affects smartphones, but other devices like tablets, laptops and basically most Bluetooth enabled devices. The bug was discovered by Lior Neumann and Eli Biham of the Israel Institute of Technology and it is tracked by the number CVE-2018-5383. There is apparently an issue with the data encryption process when data is transferred between two devices and this allows an attacker in near vicinity to capture and decrypt the data being shared via Bluetooth. “An unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device. The attacker can then intercept and decrypt and/or forge and inject device messages,” explains CERT. 

As per the report, the bug is confirmed to affect Broadcom, Intel, Apple, and Qualcomm hardware, and some other Android-powered handsets. It affects Bluetooth's both, Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software Pairing and LE Secure Connections. The problem arises because of a security weakness in key exchanges (Diffie-Hellman key exchanges) that happens when two devices establish a Bluetooth connection. 

The patch is said to be rolling out for devices and for Android, the issue is addressed with the June security patch. For macOS users, Apple has already released a patch for the vulnerability earlier this month. Microsoft is not affected by the bug. The Register’s reports that manufacturers like Lenovo and Dell are working on the patch for the issue and have posted updates in the past month and so. As Linux versions prior to 3.19 don't support Bluetooth LE Secure Connections, they are said to be unaffected by the vulnerability. The CERT article states that fixes are needed both in software and firmware. One should check if there is a software update available for their device to patch the issue.  

Shubham Sharma

Shubham Sharma

Interested in tech, gaming, cyber-security, anime, and more View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo