A newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.
The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.
From Intel's explanation:
A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.
According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.
For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.
Tag: Bluetooth
28 comments
Apple today shared two new iPhone XS and iPhone XS tutorial videos on its YouTube channel, both of which are designed to highlight available features on the new devices.
The first video is...
Apple this morning released the third beta of iOS 12.2 to developers, and as with most early betas, the new software introduces refinements and user interface changes for various features.
There...
The third beta of iOS 12.2, released to developers this morning, includes a fix for the Group FaceTime bug, which also reenables Group FaceTime on devices running the iOS 12.2 beta.
Apple...
4-inch iPhone enthusiasts who have been unable to take advantage of the $249 iPhone SE deal on Apple's clearance site can once again make a purchase, as Apple has restocked the website and...
Apple today seeded the third beta of an upcoming iOS 12.2 update to developers for testing purposes, two weeks after seeding the second beta of iOS 12.2 and a week and a half since the launch of iOS...
The U.S. Patent and Trademark Office today published a newly granted Apple patent related to an "inductively chargeable earbud case." While the AirPods and AirPower are not named in the...
HomePod shipments totaled 1.6 million units in the fourth quarter of 2018, a 45 percent increase on a year-over-year basis, according to Strategy Analytics. Despite the growth, the research firm...
As part of its efforts to rebuild Apple Maps, Apple has been collecting street-level data with LiDAR-equipped vehicles for over three years, with at least 45 states across the U.S. partially surveyed...
