New Bluetooth vulnerability affects all devices and could allow an attacker to snoop on your data

By Shubham Sharma | Published on 26 Jul 2018
HIGHLIGHTS

Devices made by vendors like Apple, Intel, Broadcom, and some Android devices are reportedly affected by the Bluetooth bug.

Computer Emergency Response Team (CERT) has published a report on a serious Bluetooth vulnerability that affects not only smartphones but also tablets, laptops and basically most Bluetooth-enabled devices. The bug was discovered by Lior Neumann and Eli Biham of the Israel Institute of Technology and is tracked as CVE-2018-5383. There is apparently an issue with the data encryption process when data is transferred between two devices, which allows an attacker in the vicinity to capture and decrypt the data being shared via Bluetooth. “An unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device. The attacker can then intercept and decrypt and/or forge and inject device messages,” explains CERT.

As per the report, the bug is confirmed to affect Broadcom, Intel, Apple, and Qualcomm hardware, and some other Android-powered handsets. It affects Bluetooth pairing, including Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software (LE Secure Connections). The problem arises from a security weakness in the key exchange (a Diffie-Hellman key exchange) that happens when two devices establish a Bluetooth connection.

The patch is said to be rolling out for devices; for Android, the issue is addressed with the June security patch. For macOS users, Apple already released a patch for the vulnerability earlier this month. Microsoft is not affected by the bug. The Register reports that manufacturers like Lenovo and Dell are working on a patch for the issue and have posted updates in the past month or so. As Linux versions prior to 3.19 don't support Bluetooth LE Secure Connections, they are said to be unaffected by the vulnerability. The CERT article states that fixes are needed in both software and firmware. Users should check whether a software update is available for their device to patch the issue.
