Warning: This Critical Bluetooth Security Flaw Puts Every Android, iOS and Windows User At The Mercy Of Cyber-criminals



Android and iOS users are advised to update their devices so they do not fall prey to cyber criminals who might exploit this newly discovered Bluetooth flaw.

This critical Bluetooth security flaw puts billions of Bluetooth-enabled devices at risk from cyber criminals.

According to Carnegie Mellon's US Computer Emergency Response Team (CERT), the vulnerability affects the data encryption process over Bluetooth connections, which let you securely transfer files between two paired devices wirelessly over a distance.

The flaw arises from a missing check on keys during the encryption process, specifically an absent validation step in the elliptic-curve Diffie-Hellman (ECDH) key exchange. These are the keys that your device and the one you're pairing with exchange to lock down communications so that outsiders can't decipher the data you're transmitting.


The issue arises because the Bluetooth standard doesn't require both pairing devices to completely validate those keys, which leaves the door open for hackers to sit between the two pairing parties and sniff the data.

That shouldn't be a problem any longer, since device manufacturers are rushing to create a permanent fix for this vulnerability.

Apple has released a patch for macOS El Capitan and later, and also for iOS 11.4 for iPhones.

Intel has also provided updated Bluetooth drivers for Windows 7, 8.1 and 10.

Google, for its part, has patched the security vulnerability on both ChromeOS and Android.

Now that device and chip manufacturers have released fixes, devices that have been updated shouldn't have difficulty validating the entire process during the Diffie-Hellman (ECDH) key exchange.

CERT says they haven't logged any real-life incidents related to the security flaw.
