The bug allows cyber criminals to intercept and decrypt or forge and inject device messages.
A newly found vulnerability in Bluetooth has put several users at risk. The vulnerability lets a cybercriminal in proximity intercept, and thus monitor, the data being transferred to and from a device. Moreover, the effect of this loophole is not limited to Android devices; it can also affect Apple, Qualcomm, Intel and Broadcom.
According to a report in Hindustan Times, the official Bluetooth wireless technology regulators, named Bluetooth SIG, published a detailed report about the vulnerability in two Bluetooth features, viz. Secure Simple Pairing and LE Secure Connections. The report detailed that, in order to communicate with a device, both devices must first be paired with each other. Certain parameters must then be agreed on, and if the Bluetooth devices don't validate those parameters properly or sufficiently, it opens up a path for an attack. So far, Apple, Intel and Qualcomm have been affected by the attack; however, Apple and Intel have already released software and firmware updates to fix this bug.
Rahul Tyagi, Co-Founder & VP, Lucideus, said that when not in use, users should turn their Bluetooth off. He said: "By doing this, users can avoid unwanted pairing or connections. Also, when Bluetooth is left on, Bluetooth packets are broadcast which contain Bluetooth hardware details, which make it easier to track the victim, so by turning Bluetooth off users can avoid being tracked or hacked. And they should make sure that they are updated with the latest security updates released by the manufacturer."