Intel Discovers And Publishes New Bluetooth Vulnerability
Turns out, Intel has now discovered and published a new Bluetooth vulnerability, which could help intercept and manipulate transmissions between two compatible devices. The reports say that the newly discovered vulnerability has the potential to allow cybercriminals to intercept transmissions between two affected Bluetooth-compatible devices and also to relay malicious signals back and forth between the two devices.
Reports also say this widespread issue could even affect Bluetooth implementations within Apple, Broadcom, Intel, and Qualcomm systems. Thus, it could spread far and wide, and impact many users and devices as well. The only condition is that the hacker’s device and the target device, both Bluetooth-compatible devices, should be within 30 meters of one another.
The Intel report that published the vulnerability says- “A vulnerability in Bluetooth® pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth® devices. This may result in information disclosure, elevation of privilege and/or denial of service.” As a result, a Bluetooth headset may have its audio compromised or hackers could even record or alter the keystrokes of a Bluetooth keyboard).
Intel has also given out a long list of affected products, for Microsoft Windows (Windows 7, 8.1 and 10), for Google Chrome OS and for Linux OS. As per experts at the Bluetooth SIG (Special Interest Group), the actual number of devices affected are somewhat smaller than the potential number of devices affected, which appears to be quite huge in terms of scale. The difference is because, as already explained, the hacker would have to be within the Bluetooth range and would also have to hijack the affected devices at the same time when the pairing process is going on for the two devices. Thus, there is a very narrow window of time within which the attacker would have to do the whole exchange, which would involve intercepting the public key exchange, and then blocking and forging transmissions.
Here’s some good news for users of Apple devices. Those iOS and macOS users who are using iOS 11.4 or macOS 10.13.5/6 don’t have to worry as Apple has already introduced a fix for this issue in earlier software versions.
Reports say that the affected manufacturers have promptly introduced fixes, which means that there’s not much to be concerned about. Thus, though reports did say that the issue was widespread and could impact large number users and devices, in reality, that might not happen!