Bluetooth is a great addition to our iPhone and Android phones, as well as computers and other devices. It allows us to add so much more functionality, whether it’s speakers, earbuds, keyboards, etc. But there’s also a certain danger involved. Your Bluetooth connection could be making it easier to be hacked.
The Problem with Bluetooth
Nearly all mobile devices and computers are affected by this cybersecurity flaw with Bluetooth that leaves them open to being hacked.
Carnegie Mellon’s US Computer Emergency Response Team (CERT) discovered a vulnerability that affects encrypted data over a Bluetooth connection. The encryption allows you to transfer files securely between two paired devices. The problem is it’s not really as secure as it’s supposed to be.
While the data is being encrypted, there’s a missing check on keys. The validation in the Diffie-Hellman (ECDH) key exchange is absent. The two devices that are being paired exchange the keys to block others from reading the data you’re sending from device to device.
As one of the researchers, Lior Neumann, said, “As far as we know, every Android — prior to the patch published in June — and every device with wireless chip of Intel, Qualcomm, or Broadcom is vulnerable.”
However, both devices are not required to validate the keys, and that allows hackers to wirelessly enter that process between the two devices and grab your data.
What type of data is left vulnerable depends on how you’re using your devices or computers. It might be just useless data, but it could also be something of greater importance, such as security codes.
Truthfully, CERT says it has never even logged any incidents that were related to the flaw. Nonetheless, it’s better to be safe than sorry, as they say.
The Fix
As long as one of the devices validates the process during the Diffie-Hellman key exchange, there is no concern as it protects that connection, leaving no vulnerability. It was left to the smartphone and hardware companies themselves to fix this vulnerability with security patches.
Apple struck quickly. They updated macOS El Capitan and later and also added the fix to iOS 11.4 for iPhones and other iOS devices.
Intel has already fixed this problem as well. They updated the Bluetooth drivers for Windows 7, 8.1, and 10.
A spokesperson for Google said they have “remediated the issue with updates to both ChromeOS and Android.”
However, for these fixes to be effective, you need to update your system. Whether you have an iPhone, Android, Mac, or PC, you need to update your system to be sure it doesn’t fall to this vulnerability and leave you open to being hacked.
Conclusion
We can be thankful of a few things. For one, device and hardware manufacturers were quick to act once this vulnerability was found. For another, there have been no known hackings with respect to the Bluetooth.
But that doesn’t mean you can let your guard down. The more the vulnerability becomes known, the more hackers will try to tune into it. It’s better to protect yourself now before anything bad happens.
Would you have ever thought such a data breach would be possible through your Bluetooth connection? Let us know what you think in the comments section below the article.
