The recently discovered security flaws affect devices like laptops, PCs, smartphone and other with Bluetooth 4.2 or newer versions.
Security researchers at Eurecom have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.
The six new attacks – named ‘BLUFFS’ were discovered by Daniele Antonioli and make use of 2 undiscovered exploits in the Bluetooth architecture that can be used to decrypt the content of files when users are sending data using the technology. Cybersecurity experts say that the flaws are not limited to a particular hardware or software configuration but affects Bluetooth at an architectural level.
A report by Bleeping Computer suggests that the vulnerabilities impact all devices with Bluetooth 4.2, which was released in late 2014 and also affects Bluetooth 5.4, which was unveiled earlier this year. Apple’s AirDrop feature is also vulnerable since it uses Bluetooth to transfer files between devices.
This means all devices with Bluetooth including laptops, PCs, smartphones, tablets and others are affected by the problem. The research paper states that all Bluetooth-enabled devices are susceptible to at least 3 out of 6 BLUFFS attacks.
What can I do to protect myself?
Since the Bluetooth exploits work at an architectural level, users can do nothing at the moment to fix the vulnerabilities. Instead, the solution requires device manufacturers to make changes to the security mechanisms used by the technology and reject the low-security authentication methods used by older devices. However, it is still unclear if some sort of patches can be released for existing devices.
Currently, the best way to protect yourself against the newly found Bluetooth security flaws is to turn off Bluetooth as soon as you are done using it, but this might be inconvenient for the majority of users. Another precaution users can take is to prevent sharing sensitive files and images via Bluetooth in a public place.
No comments:
Post a Comment