security

New Bluetooth security flaws put billions of devices at risk – HardwareZone


New Bluetooth security flaws put billions of devices at risk

A new Bluetooth security flaw puts billions of devices at risk. <br>Image source: Bluetooth Special Interest Group

Two new Bluetooth security flaws could put your billions of smartphones, notebooks, and tablets at risk.

Researchers at EURECOM discovered two previously unknown flaws that affect Bluetooth at a fundamental level. They developed six new methods, collectively named BLUFFS, to launch a brute-force attack on Bluetooth encryption keys between two devices. 

Essentially, these techniques enable attackers to employ man-in-the-middle type attacks to intercept Bluetooth communications between two devices. Once the brute-force attack is successful, the hacker can spoof the devices to decrypt past communication or manipulate future communications.

To find out how the BLUFFS exploit works in greater detail, click here (warning: very technical).

EURECOM says the security flaws impact Bluetooth 4.2 (released in 2014) and all versions up to Bluetooth 5.4, which was released in February 2023. In other words, billions of devices could be exposed to this risk.

The Bluetooth Special Interest Group (SIG), which oversees the Bluetooth standard, acknowledged EURECOM’s findings and issued a security bulletin urging companies who use Bluetooth in their products to adhere to strict security protocols to protect against this exploit. 

Source: Bleeping Computer, SIG via Android Authority





READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.