Eurecom security researchers have discovered two vulnerabilities that allow Bluetooth connections to be hijacked. Violation was brought under control On all devices running version 4.2 or newer.
Proven in total Six ways to exploit security vulnerabilities – called “BLUFFS” by scientists. According to the group, the tactic could “compromise Bluetooth sessions, allowing device spoofing and man-in-the-middle (MitM) attacks.”
Defects reserved Up to version 5.4 on Bluetooth 4.2 infrastructure. The standard was released in December 2014 and affects a wide range of devices, including iPhones, modern Android phones, tablets and computers.
The researchers explain that the tactics exploit four flaws in the session key derivation process to force the creation of a shorter, weaker, and more accessible key.
In practical terms, It’s as if the device has been tricked using a simpler, easier-to-find security key. The attacker can then use brute force until they discover the string and take over the connection.
As a result, it can break the connection in two ways: by pretending to be the target device and receiving data sent by the user (e.g. a file), or by acting as an intermediary between one device and another.
The only solution is to turn off Bluetooth
For now, users can’t do anything to protect themselves from breaches other than turning off Bluetooth. It is now the responsibility of manufacturers to develop updates to fix connection security vulnerabilities, but it is not clear whether this will fix devices that have already been released.
The Bluetooth SIG, the group responsible for developing Bluetooth, recommended on its official website that manufacturers strengthen connection security by standardizing the use of more complex switches.
Attackers target Bluetooth
It was recently discovered that Bluetooth Low Energy (BLE) connectivity is also vulnerable to Flipper Zero attacks. This loophole can be exploited through custom firmware and cause iOS 17 to crash completely.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
