According to the report of Carnegie Mellon’s US Computer Emergency Response Team (CERT), Apple, Google and Intel’s hardware are on the Bluetooth security risk. A potentially critical flaw is affecting Bluetooth, leaving hundreds of millions or billions of devices including tablets, laptops and basically most Bluetooth enabled devices exposed to cyber-criminals. Only a few smartphones are in the safe zone. The bug was discovered by Lior Neumann and Eli Biham of the Israel Institute of Technology and it is tracked by the number CVE-2018-5383
The risk is prone to two types of simple pairing and LE Secure Connections. The danger which the bug comes with provided hackers to intercept the transfer of files through Bluetooth pairing and could even modify the files. It could expose exchanged data, passwords typed on a keyboard, and any vital personal information.
“It is possible that some vendors may have developed Bluetooth products that support those features but do not perform public key validation during the pairing procedure. In such cases, connections between those devices could be vulnerable to a man-in-the-middle attack that would allow for the monitoring or manipulation of traffic,” Bluetooth SIG said in its advisory.
“For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window,” the outfit added.
Those at risk are Apple, Google and Intel’s hardware if not updated immediately. Google has also released patches for Android and Chrome OS while Apple has issued an update while Intel recommended to upgrade the latest version of firmware to secure system from the bug.
In the report by CERT to make the system safe and secure one needs to make updates both in software and firmware. It also alerts that an unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device. The attacker can then intercept and decrypt and/or forge and inject device messages.
Along with CERT report Intel also came with an explanation on the exposing of devices to the new threat stating ‘A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth® devices. This may result in information disclosure, elevation of privilege and/or denial of service.’
For latest tech news and updates follow TechnoCodex on Facebook, Twitter, Google+. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.