Decade-old Bluetooth flaw lets hackers steal data passing between devices

(Image credit: Takashi Yamamiya)

A large number of device makers are patching a significant vulnerability in the Bluetooth specification that makes it possible for attackers to intercept and tamper with data exchanged wirelessly. People who use Bluetooth to connect smartphones, computers, or other security-sensitive devices should make sure they install a fix as soon as possible.

The attack, which was disclosed in a research paper published Wednesday, is significant because it allows people to perform a man-in-the-middle attack on the connection between vulnerable devices. From there, attackers can view any exchanged data, which might include contacts stored on a device, passwords typed on a keyboard, or sensitive information used by medical, point-of-sale, or automotive equipment. Attackers could also forge keystrokes on a Bluetooth keyboard to open a command window or malicious website in an outright compromise of the connected phone or computer.

Not novel

Bluetooth combines Secure Simple Pairing or LE Secure Connections with principles of elliptic curve mathematics to allow devices that have never connected before to securely establish a secret key needed for encrypted communications. The attack uses a newly developed variant of what cryptographers call an invalid curve attack to exploit a key shortcoming in the Bluetooth protocol that remained unknown for more than a decade. As a result, attackers can force the devices to use a known encryption key that allows the monitoring and modifying of data wirelessly passing between them.
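The defense against an invalid curve attack is to confirm that a peer's public key actually lies on the agreed curve before it is used in the key exchange. The sketch below is an added example, not code from the article or the research paper; it assumes the NIST P-256 curve and a hypothetical 64-byte big-endian X || Y encoding, and all function names are illustrative.

```python
# Added example: validate a peer's ECDH public key before deriving a shared key.
# Assumption: NIST P-256 parameters (cofactor 1, so an on-curve check suffices).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Standard base point, used here only as a known-good sample key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPublicKey(ValueError):
    """Raised when a received public key must not be used."""


def is_on_curve(x, y):
    """True only if (x, y) are reduced field elements with y^2 = x^3 + Ax + B."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_key(raw):
    """Decode the hypothetical X || Y encoding and reject off-curve points."""
    if len(raw) != 64:
        raise InvalidPublicKey("expected 64 bytes")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    # Checking x alone is not enough: both coordinates must satisfy the equation.
    if not is_on_curve(x, y):
        raise InvalidPublicKey("point is not on P-256")
    return x, y


def encode(x, y):
    """Build the hypothetical wire encoding for constructed test inputs."""
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")


def accepts(raw):
    """Return True if the key passes validation, False if it is rejected."""
    try:
        parse_peer_key(raw)
        return True
    except InvalidPublicKey:
        return False


if __name__ == "__main__":
    print("valid key accepted:", accepts(encode(GX, GY)))
    print("altered y accepted:", accepts(encode(GX, 0)))
```

The check has to run on every received key, including keys relayed during pairing, before any scalar multiplication with the local private key.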
