Amaya Toman This week, alarming news about a vulnerability in the Bluetooth protocol made the world rounds. Intel has revealed that there is a potential vulnerability that would allow a hacker, who would theoretically be near the device, to break into it without authorization and send fake messages between two vulnerable Bluetooth devices.
The Bluetooth vulnerability affects the Bluetooth driver interface of Apple, Broadcom, Intel, and Qualcomm operating systems. Intel explained that the vulnerability in the Bluetooth protocol potentially allows an attacker in physical proximity (within 30 meters) to gain unauthorized access through an adjacent network, intercept traffic, and send fake messages between two devices.
It could be interest you
Klára Jelínková This can lead to information leaks and other threats, according to Intel. Devices supporting the Bluetooth protocol do not sufficiently verify encryption parameters in secure connections, resulting in a "weaker" pairing in which an attacker can obtain data sent between two devices.
According to the SIG (Bluetooth Special Interest Group), it is unlikely that a larger number of users could be affected by the vulnerability. For the attack to be successful, the attacking device must be in close enough proximity to two other – vulnerable – devices that are currently being paired. Additionally, an attacker would have to intercept the public key exchange by blocking each transmission, send an acknowledgment to the sending device, and then place a malicious packet on the receiving device—all in a very short time frame.
Apple has already managed to fix the bug in macOS High Sierra 10.13.5, iOS 11.4, tvOS 11.4 and watchOS 4.3.1. So owners of apple devices need not worry. Intel, Broadcom, and Qualcomm also issued a patch, Microsoft devices were not affected, according to the company's statement.
