New Bluetooth bug can allow nearby hackers to monitor and steal your data
HYDERABAD:Keep your Bluetooth switched off and your smart phones upgraded as a Bluetooth bug has been detected putting millions of Android and iPhones at the risk of getting hacked.
The bug, tracked as CVE-2018-5383, could allow an attacker within 30m to capture and decrypt data shared between Bluetooth-paired devices of not just Android and iPhones but also other big players such as Microsoft, Qualomm Incorporated, Intel and others.
The flaw was identified by researchers at Israel Institute of Technology and later came into the public eye when flagged by Carnegie Mellon University CERT. The researchers found that a hacker could bypass the public key received when pairing with a new device by blocking the signal and injecting a malicious bug within a narrow time frame.
“In such cases, connections between those devices could be vulnerable to a man-in-the-middle attack that would allow for the monitoring or manipulation of traffic,” Bluetooth SIG said in a release.
Clarifiying the threat further, Srinivas Kodali, an independent security researcher from Hyderabad, said, “The attacker needs to be in a close proximity for the attack and he/she can intercept any kind messages transmitted between the two Bluetooth devices.” That message could be something as safe as notifications to a potential-security hazard like security codes used in two-factor authentication of your social media.
Bluetooth bug can be fixed in Apple phones
Since the attack has come to the fore, Bluetooth has released some updates to remedy the vulnerability. “Bluetooth SIG has now updated the Bluetooth specification to require products to validate any public key received as part of public key-based security procedures. In addition, the Bluetooth SIG has added testing for this vulnerability within our Bluetooth Qualification Program.”
As of now, fixes for this bug are available for Apple devices and two Android vendors -- Huawei and LG. If your phone is not either of them, Mcafee Antivirus has urged consumers to turn off Bluetooth unless one needs to use it. Gary Davis, a Mcafee security official also urged to update smartphone’s system software.
“It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version.
Patches for iOS and some Android manufacturers are already available, but if your device isn’t on the list, fear not – security patches for additional providers are likely on their way.”