[ad_1]
A Bluetooth flaw, revealed by researchers at the Technion, the Israel Institute of Technology, allows to take advantage of the coupling between two devices to intercept the transferred data. Several manufacturers have already published patches to protect themselves.
Remained unknown for many years, this flaw exploits a vulnerability present during the exchange of cryptographic keys between the devices. It affects Secure Simple Pairing, but also Low Energy Secure Connections. Aware of the dangers, the researchers were able to alert the various manufacturers affected. Thus, Apple, LG and Huawei have already shared patches to protect themselves. For its part, Microsoft ensures not to be affected by this flaw. However, many Intel wireless chip modules used for Windows 7, 8.1, and 10 are vulnerable. Intel therefore advises to update the drivers of the products concerned.
Precise conditions for the attack
These are the ECDH (elliptic curve Diffie-Hellman) keys using a secure connection through an unsecured channel that made the attack possible. The researchers then managed to set up a " man-in-the-middle " attack (or the middle man, in French) to pbadively intercept data transferred between two devices, for example, pbadwords typed on a Bluetooth keyboard. They were also able to open command windows on the affected computers or smartphones to transmit malicious messages.
Bluetooth SIG, the body supervising Bluetooth, rebadures about the complicated conditions of an attack. " For the attack to succeed, it is necessary for the attacker to be within range of both devices during pairing explains the organization. If only one of the two devices is vulnerable at this fault, the attack will be a failure. " It is therefore time to make your updates.
Source link
Tags Apple Bluetooth corrected Discovered fault
