Thousands of devices made vulnerable by a Bluetooth flaw
Should we worry about the security of our Bluetooth connected devices? A team of researchers at Purdue University in the U.S. has discovered that this communication standard, which allows two-way data exchange over very short distances between two devices, has a security hole, ZDNet reports.
Specifically, the devices can be attacked up to several times a day due to a security flaw in the BLESA protocol, which was implemented to save significant battery power despite the use of Bluetooth. Devices using this protocol, which is integrated in almost all smartphones and connected devices, are vulnerable to each reconnection with another device. This is particularly the case when two devices are connected and then move apart before finding themselves once again in the same geographical area.
If users think that an authentication phase is mandatory for this reconnection between the two devices to be effective, this is not the case. Worse still, the authentication procedure requested by one of the two devices, when this is the case, can be ignored by the second one. A security vulnerability makes billions of devices vulnerable to attacks aimed at tampering with information sent from one device to another. At this time, no new updates have been announced by the developers of the operating systems in question. Researchers note that Bluetooth for Windows-based devices is not affected, unlike Bluetooth for devices running Android, iOS and Linux.