A newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.
The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.
From Intel's explanation:
A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.
According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.
For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.
Tag: Bluetooth
28 comments
The second beta of iOS 13.3.1, released earlier this month, includes a toggle for disabling the Ultra Wideband chip in the device.
Found by Twitter user Brandon Butch (via 9to5Mac), the toggle...
Executives from PopSockets, Sonos, Basecamp, and Tile are attending a congressional hearing today to testify in an ongoing antitrust inquiry involving major tech companies like Amazon, Apple, Google,...
Apple today announced that it has signed a multi-year agreement with award-winning actress and producer Julia Louis-Dreyfus, who will develop new projects exclusively for Apple TV+ as both an...
Dutch company Robin Telecom today announced that its Robin ProLine doorbell is the first to support HomeKit Secure Video, allowing the camera to capture and store recordings securely in iCloud.
...
The entire first season of "Little America," an immigrant anthology series created by Kumail Nanjiani and Emily V. Gordon, is now available to stream on Apple TV+.
The show features...
Apps designed for the Mac often don't receive as much attention as apps designed for iPhones and iPads, so we have a series here at MacRumors that highlights useful and interesting Macs worth...
NBC today announced that its upcoming Peacock streaming video service is set to launch in the United States on July 15.
The service, which will offer upwards 7,500 hours of programming including...
In a news story about an Apple employee who has started a barbershop for at-risk youth, Apple today said that between its own donations and employee donations, it donated more than $100 million...
