Major Bluetooth Security Flaw Has Been Discovered by Intel And Fixes Are Already Out For Android And iOS
A Bluetooth vulnerability has recently been discovered by Intel on all the Android as well as iOS smartphones that potentially allow a hacker to get unauthorised access to a device. Using the discovered loophole, a hacker might be able to intercept traffic as well as send forged pairing requests to a device through another. In addition to the Apple devices, the Bluetooth vulnerability also affects operating system drivers of Intel, Broadcom and Qualcomm.
As per Intel, the new-found vulnerability resides in the Bluetooth pairing requests. Through this, any hacker within the physical proximity of 30 meters can gain unauthorised access through an adjacent network. After gaining the access, the hacker can then intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices, potentially resulting in information disclosure, denial of service or elevation of privilege. In simple words, the data exchanged between two devices can be compromised through the vulnerability.
The potential risk of this is limited though, primarily because of the proximity that both the devices need to be in and hence it is speculated that not many devices have been a victim of this till date. As the Bluetooth Special Interest Group (SIG) mentions:
"The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful."
As per reports, both Bluetooth and Bluetooth LE are expected by the vulnerability. Apple has already released a fix for the bug on its devices including macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4 and watchOS 4.3.1. Meanwhile, Intel, Broadcom, and Qualcomm have also introduced the required fixes. As per Microsoft, its devices are not affected by the bug.