The new Bluetooth vulnerability affects all devices and could allow an attacker to spy on your data



[ad_1]

  The new Bluetooth vulnerability affects all devices and could ...

The Computer Emergency Response Team (CERT) released a report on a serious Bluetooth vulnerability, which Not only affects smartphones, but other devices like tablets, laptops and, basically, most Bluetooth enabled devices. The bug was discovered by Lior Neumann and Eli Biham of the Israel Institute of Technology and it is followed by the number CVE-2018-5383. There is apparently a problem with the process of encrypting data when data is transferred between two devices, allowing a nearby attacker to capture and decrypt the shared data via Bluetooth. An unauthenticated remote attacker in range may be able to use a man-in-the-middle network position to determine the cryptographic keys used by the device.The attacker can then intercept and decrypt and / or or forge and inject device messages, "says CERT.

According to the report, the bug is confirmed to affect Broadcom hardware, Intel, Apple and Qualcomm, as well as other Android handsets. It affects both Bluetooth, low power Bluetooth (LE) implementations of secure connection badociation in the Pairing operating system software and the Secure Connections LE. The problem stems from a security weakness in key exchanges (Diffie-Hellman key exchanges) that occurs when two devices establish a Bluetooth connection.

The patch is supposed to be deployed for devices and for Android, the problem is fixed with the June security fix. For macOS users, Apple has already released a patch for the vulnerability earlier this month. Microsoft is not affected by the bug. The registry reports that manufacturers like Lenovo and Dell are working on the fix for the problem and have posted updates in the last month and so on. Since versions of Linux prior to version 3.19 do not support Bluetooth Secure Connections, they are not affected by the vulnerability. The CERT article states that patches are needed in software and firmware. It must be checked whether a software update is available for the device to correct the problem.

 Quotation | Digit.in


<! – commented @ 6 July -2016

-> <! –

->

<! –

-> <! –

The best engineering schools

-> <! –

Related articles

->

[ad_2]
Source link