Advertisment

Bluetooth Security Vulnerability : How your devices are at risk

A freshly highlighted vulnerability in Bluetooth, confirmed by could sanction an unauthenticated malicious attacker in the proximity of affected devices

author-image
CIOL Bureau
New Update
Bluetooth Security

A freshly highlighted vulnerability in Bluetooth, confirmed by could sanction an unauthenticated malicious attacker in the proximity of affected devices to intercept, monitor and manipulate the data they exchange.

Advertisment

The vulnerability

The vulnerability which has been labeled as CVE-2018-5383 has been confirmed by Carnegie Mellon University's CERT. The loophole affects several Apple, Broadcom, Intel, and Qualcomm devices. Select Android handsets may also be affected. Microsoft has not been included in the list of affected companies, as the technology giant has reportedly not yet integrated the new Bluetooth version 4.2, the affected version, into its devices is affected by this flaw.

The vulnerability can be taken advantage of within Bluetooth's SSP (Secure Simple Pairing) and Low Energy Secure Connections. Favorably for macOS users, Apple released a patch before the public awareness of the vulnerability spread, as per news reports.

Advertisment

What is being done?

Special Interest Group, the guardians of Bluetooth are now working on updating the specification of the framework and will require devices to validate any and all public keys received, as a component of the key-based security procedures.

Comments from Farrhad Acidwalla, media entrepreneur and founder of CYBERNETIV- Forward Thinking Enterprise Security & Research:

Advertisment

While there are no confirmed mass reports of the newly discovered Bluetooth vulnerability being exploited on scale. This vulnerability could be taken of advantage of silently if consumers are not using the patched version over time. As Bluetooth is a globally used framework, it's a very attractive target for hackers and its scale and widespread makes it a very valuable vulnerability.

What worries analysts is that a plethora of devices such as smart watches, wireless keyboards use Bluetooth at their very core. Hypothetically an attacker can sniff keystrokes from an affected keyboard, read banking notifications on a smartwatch and much more. As this is not the first time Bluetooth has been hit by a critical vulnerability it illustrates that security awareness amongst consumers is the need of the hour.

bluetooth security