A newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.
The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.
From Intel's explanation:
A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.
According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.
For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.
Tag: Bluetooth
28 comments
The United States Justice Department is launching a broad antitrust review into whether major technology companies are unlawfully stifling competition, reports The Wall Street Journal.
The DoJ...
Apple this week released iOS 12.4, the newest version of iOS 12 available for iPhones and iPads. One of the new features in iOS 12.4 is an updated data migration option that uses device to device...
Apple's mobile apps are often first in App Store search results ahead of competitors, according to a new analysis done by The Wall Street Journal.
For basic searches like "maps,"...
Apple plans to release an all-new 16-inch MacBook Pro in October, according to supply chain sources cited by Taiwan's Economic Daily News.
The report claims the 16-inch display will be a...
Apple is widely expected to unveil a trio of new iPhones in September, and 9to5Mac has revealed a few new features we can expect.
First, the report claims all three models will feature a...
Apple earlier this month introduced a surprise update to its MacBook Pro line, overhauling the entry-level 13-inch machine to bring it in line with more expensive models that were updated back in...
Apple is now in advanced talks to purchase Intel's smartphone modem chip business, reports The Wall Street Journal, citing people familiar with Apple's plans.
A deal that covers a...
Apple's iPhone XR was the best selling iPhone in the third fiscal quarter of 2019, according to new data shared today by Consumer Intelligence Research Partners (CIRP).
The iPhone XS, iPhone...
