New Bluetooth Flaw Can Allow Hackers to Access Your Data

Hackers can access information by breaching a Bluetooth connection. Here’s all you need to know.

The Quint
Tech News
Published:
The device can be hacked if it is within 30 metres of the hacker.
i
The device can be hacked if it is within 30 metres of the hacker.
(Photo: Reuters)

advertisement

Smartphone users with Bluetooth connectivity now have another thing to worry about as a new flaw has been discovered that makes smartphones and devices running on Bluetooth vulnerable to hacks.

Lior Neumann and Eli Biham of the Israel Institute of Technology were the first to find the flaw. It was later flagged by the Carnegie Mellon University CERT. According to the research, Bluetooth components from Apple, Broadcom, Intel and Qualcomm have been affected. ZDNet reports that some Android devices have also been affected.

How Hackers Can Access Your Mobile Data

Devices must be paired for Bluetooth to work.  (Photo: iStockphoto)

When two users are trying to connect using Bluetooth, they need to validate their cryptographic keys to enable a secure connection. This flaw allows an attacker to create a fake public key to insert their device in between the two Bluetooth devices so as to trick a user into giving access. This way, the hacker can inject their own messages and gain access to any sensitive information the user might have – usually referred to as the man-in-the-middle attack.

ADVERTISEMENT
ADVERTISEMENT

Is Hacking the Device That Easy?

As per the ZDNet report, the flaw, which is being tracked as CVE-2018-5383, affects Bluetooth's Secure Simple Pairing and Low Energy Secure Connections.

The primary reason this flaw occurs is because some smartphone vendors' Bluetooth implementations do not properly validate the cryptographic key exchange when Bluetooth devices are trying to pair.

Hackers build a false Bluetooth connection to coax users into sharing private data. (Photo: iStock)
The process of hacking is not easy, as the hacker needs to be in a 30-meter radius for the hack to be a successful one.

The hacker must also be able to intercept the valid public keys being exchanged by the two Bluetooth devices, before imitating the transmissions. Basically, he needs to make sure that he intercepts a valid connection request by both the users so that the hacker can make both the users think that they have connected.

Is There a Fix?

Apple announced a fix for this when it released a patch for the flaw in July. Microsoft has said the Windows systems aren't affected directly, but the report suggests that there are many wireless chip modules for Windows 7, 8.1, and 10 products that come in the list of affected modules.

Users have been told to upgrade to the latest firmware and also check with vendors if they have any updates. Dell and Lenovo have released new drivers to fix this flaw in Intel software, with others working on their updates to fix the flaw.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: undefined

ADVERTISEMENT
SCROLL FOR NEXT