BluetoothIconXA newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.

The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.

From Intel's explanation:

A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.

As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.

According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.

Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

Tag: Bluetooth

Top Rated Comments

Fall Under Cerulean Kites Avatar
Fall Under Cerulean Kites
34 months ago
This may result in information disclosure, elevation of privilege and/or denial of service.
Bluetooth pairing is so poor as it is, how would one even recognize they were being DoS’d?
Score: 10 Votes (Like | Disagree)
macintoshmac Avatar
macintoshmac
34 months ago
Why are Microsoft devices not affected? :oops:
Score: 4 Votes (Like | Disagree)
macduke Avatar
macduke
34 months ago
Why are Microsoft devices not affected? :oops:
Security through obscurity.
Score: 4 Votes (Like | Disagree)
Cougarcat Avatar
Cougarcat
34 months ago
Only High Sierra? Did the Sierra security update fix this?
Score: 3 Votes (Like | Disagree)
m0sher Avatar
m0sher
34 months ago
I’m just impressed by the time we hear the news, it’s already been fixed. Good job. :)
Score: 3 Votes (Like | Disagree)
fairuz Avatar
fairuz
34 months ago
Yo, maybe we can exploit this instead of fixing it. That way I can finally forcibly auto-pair my stuff instead of going through the painful pairing process manually!

Jokes aside, this is yet another reason I keep Bluetooth disabled forever (the other big one being that it's a PitA). It's like Adobe Flash, a new vulnerability every few months.
[doublepost=1532463234][/doublepost]
Only High Sierra? Did the Sierra security update fix this?
HS, Sierra, and El Cap are patched: https://support.apple.com/en-us/HT208937
Edit: Not actually sure cause the Bluetooth subsection says something different.
Score: 2 Votes (Like | Disagree)
Read All Comments

Top Stories

microsoft edge ios android

Bill Gates Says His Preference for Android Over iPhone is Due to Pre-Installed Software

Friday February 26, 2021 3:35 am PST by
Microsoft co-founder Bill Gates this week participated in his first meeting on Clubhouse, the increasingly popular invite-only conversation app, where he fielded a range of questions as part of an ongoing book tour. Gates was interviewed by journalist Andrew Ross Sorkin, and given that the Clubhouse app is currently only available on iOS, naturally one of the questions that came up was...
Read Full Article314 comments
Top Stories 47 Feature copy

Top Stories: MacBook Pro, iMac, and AirPods Rumors, macOS 11.2.2, MagSafe Wallet Revisited

Saturday February 27, 2021 6:00 am PST by
March is right around the corner, and that means our first good opportunity for Apple product launches in 2021 as the company frequently has significant launches in March or April each year. We're hearing rumors about MacBook Pro, iMac, AirPods, and more, although many of these will be coming out at different times over the course of the year. This week also saw a macOS update to address a ...
Read Full Article36 comments
iphone 6 in hand

Apple Faces Another iPhone Lawsuit Over 'Programmed Obsolescence'

Monday March 1, 2021 6:44 am PST by
Apple faces a new class-action lawsuit that accuses it of deliberately releasing iOS updates that slowly reduce the performance of an iPhone, forcing customers to upgrade their devices. The lawsuit comes from the Portuguese Consumer Protection Agency, Deco Proteste (via Marketeer), which in a statement says that it will proceed with a case against the Cupertino tech giant because it...
Read Full Article277 comments
maxresdefault

HomeKit Essentials Worth Checking Out

Saturday February 27, 2021 7:05 am PST by
HomeKit was slow to take off after its 2014 launch, but now that it's been around for seven years, there are hundreds of HomeKit products available, ranging from doorbells and speakers to TVs, lights, and cameras. In our latest YouTube video, we rounded up some of our favorite HomeKit products that we find most useful. Subscribe to the MacRumors YouTube channel for more videos. HomePod...
Read Full Article131 comments
First Look Big Sur Feature2

Apple Releases macOS Big Sur 11.2.2 to Prevent MacBooks From Being Damaged by Third-Party Non-Compliant Docks

Thursday February 25, 2021 10:07 am PST by
Apple today released macOS Big Sur 11.2.2, the fourth update to the macOS Big Sur operating system that launched in November. macOS Big Sur 11.2.2 comes two weeks after the release of macOS Big Sur 11.2.1, a bug fix update. The new ‌‌‌‌macOS Big Sur‌‌‌ 11.2.2‌ update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences....
Read Full Article247 comments
iphone 12 pro display video

iPhone 13 to Include 1TB Storage Option and LiDAR Across the Board, Says Wedbush Analyst

Monday March 1, 2021 4:00 am PST by
Apple's forthcoming iPhone 13 could include a 1TB storage option for some models and LiDAR Scanners across the entire lineup, according to a report from Wedbush analysts. In a new note to investors, seen by MacRumors, Wedbush analyst Daniel Ives said that initial Asian supply chain checks gave the firm "increased confidence" that Apple's 5G-driven product cycle would extend well into 2022,...
Read Full Article81 comments
flat mbp 14 inch feature yellow

Redesigned 14-Inch MacBook Pro Expected to Feature Brighter Mini-LED Display With Slimmer Bezels and More

Thursday February 25, 2021 7:48 am PST by
Apple plans to unveil new 14-inch and 16-inch MacBook Pro models with Mini-LED-backlit displays in the second half of this year, according to industry sources cited by Taiwanese supply chain publication DigiTimes. The report claims that Radiant Opto-Electronics will be the exclusive supplier of the Mini-LED backlight units, while Quanta Computer is said to be tasked with final assembly of the...
Read Full Article207 comments
mac mini developer transition kit photo feature

Apple Requiring Developers to Return DTK Mac Minis by March 31

Friday February 26, 2021 3:57 pm PST by
Apple today sent out emails to developers who are in possession of a Developer Transition Kit, asking them to return the machines by March 31. The Developer Transition Kits are Mac minis with A12Z chips that Apple provided for development purposes ahead of the release of the M1 Macs. Apple in the emails provided developers with shipping instructions, and plans to begin collecting the DTKs...
Read Full Article170 comments
iphone 12 120hz thumbnail feature

Kuo: iPhone 13 Lineup to Feature Smaller Notch and Larger Batteries, 120Hz Display for Pro Models, and More

Monday March 1, 2021 7:50 am PST by
iPhone 13 models will all feature a smaller notch, while the two Pro models will be equipped with low-power LTPO display technology for a 120Hz refresh rate, analyst Ming-Chi Kuo said today in a research note obtained by MacRumors. Subscribe to the MacRumors YouTube channel for more videos. Several other sources have previously claimed that some iPhone 13 models will support a 120Hz refresh...
Read Full Article91 comments
unc0ver version 6 release

Jailbreak Tool 'unc0ver' 6.0.0 Released With iOS 14.3 Compatibility

Sunday February 28, 2021 9:26 am PST by
The team behind the "unc0ver" jailbreaking tool for iOS has released version 6.0.0 of its software, which can allegedly be used to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability. The unc0ver website describes how the tool has been extensively tested across a range of iOS devices running various software versions, including an iPhone 12 Pro Max running iOS ...
Read Full Article94 comments