Bluetooth Bug Could Expose Devices to Attack; Patch Coming
Jul 24, 2018, 7:42 AM by Eric M. Zeman
Researchers at the Israel Institute of Technology discovered a vulnerability in Bluetooth's Secure Simple Pairing and LE Secure Connections features that could lead to man-in-the-middle attacks. According to the researchers, the Bluetooth specification doesn't require devices with these features to validate the public key when pairing with new hardware. By not validating the key, it leaves the connection open to attack. In this case, the attacker would need to have a device within 30 meters and intercept the pairing procedure between two devices. The attacker's hardware could pose as the intended paired device, hijack the connection, and transmit malicious code. For this to work, both devices attempting to pair would need to have the Secure Simple Pairing or LE Secure Connections features enabled in their code, and the attacker's timing would have to be impeccable, according to the Bluetooth SIG. The bug impacts hardware from Apple, Broadcom, Intel, and Qualcomm, along with some Android handsets. According to ZDNet, Apple issued a patch for this bug in July. Intel and Qualcomm have updated their drivers, respectively, and some PC makers have begun to distribute the patches. LG and Huawei have said they'll include patches for the bug in security updates for their Android phones this month. Google has not mentioned the bug in any of its monthly security updates and it's not clear if the Android kernel, nor what other Android devices, are affected
Feb 4, 2021
A forthcoming update to Google Fit will allow the app to measure heart rate and respiratory rate using only a phone's camera. The update will be available next month.
Jun 18, 2019
Facebook today announced Libra, a new digital currency that aims to combine the best features of other cryptocurrencies in order to be more consumer-friendly. The currency will be administered by the Libra Association, a new non-for-profit based in Geneva.
Feb 7, 2020
A security flaw has been found in Android that allows attackers to access a phone via Bluetooth with no user interaction required. Android's most recent monthly security update, released on February 3rd, fixes the flaw.
May 28, 2019
Bittium's new Tough Mobile 2 is a mid-range smartphone with unusually advanced security features, designed for organizations with exceptional security needs, including governments and militaries. A privacy switch disables microphones, cameras, and Bluetooth at a hardware level, and reduces sensor sensitivity to prevent fingerprinting.