Decade-old Bluetooth flaw lets hackers steal data passing between devices

Decade-old Bluetooth flaw lets hackers steal data passing between devices

6 years ago
Anonymous $RBasgWKaIV

https://arstechnica.com/information-technology/2018/07/decade-old-bluetooth-flaw-lets-hackers-steal-data-passing-between-devices/

A large number of device makers are patching a serious vulnerability in the Bluetooth specification that allows attackers to intercept and tamper with data exchanged wirelessly. People who use Bluetooth to connect smartphones, computers, or other security-sensitive devices should make sure they install a fix as soon as possible.

The attack, which was disclosed in a research paper published Wednesday, is serious because it allows people to perform a man-in-the-middle attack on the connection between vulnerable devices. From there, attackers can view any exchanged data, which might include contacts stored on a device, passwords typed on a keyboard, or sensitive information used by medical, point-of-sale, or automotive equipment. Attackers could also forge keystrokes on a Bluetooth keyboard to open up a command window or malicious website in an outright compromise of the connected phone or computer.

Decade-old Bluetooth flaw lets hackers steal data passing between devices

Jul 26, 2018, 1:16am UTC
https://arstechnica.com/information-technology/2018/07/decade-old-bluetooth-flaw-lets-hackers-steal-data-passing-between-devices/ > A large number of device makers are patching a serious vulnerability in the Bluetooth specification that allows attackers to intercept and tamper with data exchanged wirelessly. People who use Bluetooth to connect smartphones, computers, or other security-sensitive devices should make sure they install a fix as soon as possible. > The attack, which was disclosed in a research paper published Wednesday, is serious because it allows people to perform a man-in-the-middle attack on the connection between vulnerable devices. From there, attackers can view any exchanged data, which might include contacts stored on a device, passwords typed on a keyboard, or sensitive information used by medical, point-of-sale, or automotive equipment. Attackers could also forge keystrokes on a Bluetooth keyboard to open up a command window or malicious website in an outright compromise of the connected phone or computer.