From The Verge: A fast-acting hacker could be able to weaken the encryption of Bluetooth devices and subsequently snoop on communications or send falsified ones to take over a device due to a newly discovered vulnerability in the standard.
The vulnerability is pretty clever: instead of directly breaking the encryption, it allows hackers to force a pair of Bluetooth devices to use weaker encryption in the first place, making it far easier to crack. Each time two Bluetooth devices connect, they establish a new encryption key. If an attacker gets in between that setup process, they could potentially trick the two devices into settling on an encryption key with a relatively small number of characters. The attacker would still have to perform a brute-force attack against one of the devices to figure out the exact password, but that attack could happen in an achievable amount of time, thanks to this flaw.
It seems that most people using Bluetooth devices don’t need to be too worried, though. In order to execute this attack, a hacker would have to be present during the Bluetooth devices’ connection, block each device’s initial transmission when establishing encryption key length, and broadcast their own message, “all within a narrow time window,” says the organization behind the standard. The hacker would also have to be in range and repeat the attack every time they wanted to break in again.
View: Article @ Source Site
