INTERNATIONAL - A research paper published by Technion, Israel Institute of Technology showed evidence of vulnerability in the Bluetooth protocol which can allow hackers to intercept and tamper with data transmitted between devices.
According to a report by Ars Technica, Vulnerable data includes contacts, keystrokes from a wireless keyboard and the information from medical, point-of-sale, or automotive equipment.
The also stated that hackers could send victims to malicious websites by forging keystrokes on a Bluetooth keyboard.
Google, Intel, and Apple have issued patches for the vulnerability. LG and Huawei have also released security fixes for certain devices.
Carnegie Mellon University’s CERT divison lists Microsoft as unaffected by the issue.
“Microsoft implements an old version of the standard, which is even less secure, rather than the broken contemporary standard,” the researchers stated.
The research showed that if an attack is successful it can go as undetectable by the user.
However, when it fails the user may be notified of authentication failure, yet this behavior is implementation dependent.
Which platforms are affected by this attack?
"As far as we know every Bluetooth chip manufactured by Intel, Broadcom or Qualcomm is affected. Therefore, almost any device, including smartphones and headsets of all types, are affected. In addition, the Android Bluetooth stack (Bluedroid) is affected when using Bluetooth smart. Apple had provided patches for both MacOS and iOS. The Windows Bluetooth smart stack did not implement the lastest Bluetooth smart protocol and is therefore still vulnerable to older and simpler attacks", said the researches.
- BUSINESS REPORT ONLINE