Bluetooth Bug Could Expose Devices to Attack; Patch Coming
Researchers at the Israel Institute of Technology discovered a vulnerability in Bluetooth's Secure Simple Pairing and LE Secure Connections features that could lead to man-in-the-middle attacks. According to the researchers, the Bluetooth specification doesn't require devices with these features to validate the public key when pairing with new hardware. By not validating the key, it leaves the connection open to attack. In this case, the attacker would need to have a device within 30 meters and intercept the pairing procedure between two devices. The attacker's hardware could pose as the intended paired device, hijack the connection, and transmit malicious code. For this to work, both devices attempting to pair would need to have the Secure Simple Pairing or LE Secure Connections features enabled in their code, and the attacker's timing would have to be impeccable, according to the Bluetooth SIG. The bug impacts hardware from Apple, Broadcom, Intel, and Qualcomm, along with some Android handsets. According to ZDNet, Apple issued a patch for this bug in July. Intel and Qualcomm have updated their drivers, respectively, and some PC makers have begun to distribute the patches. LG and Huawei have said they'll include patches for the bug in security updates for their Android phones this month. Google has not mentioned the bug in any of its monthly security updates and it's not clear if the Android kernel, nor what other Android devices, are affected
Jul 6, 2016
Google today provided some information about its July security patch for Android devices. Notably, the patch will be separated into two moving forward.
Oct 16, 2017
Researchers say they've found a serious gap in the WPA2 security protocol that can allow hackers to use k ey r einstallation a tta cks (KRACKs) to compromise most WiFi devices. The researchers say the method allows hackers to read encrypted information transiting via WiFi, including passwords, emails, photos, credit card numbers, and more.
Feb 5, 2018
Google today made the February security patch available to its Nexus and Pixel devices. First and foremost, the patch closes a number of security holes in the code that left all the handsets vulnerable to certain types of attacks.
Aug 8, 2018
The Samsung Galaxy S7 has a serious security flaw, according to researchers from Austria’s Graz Technical University. A microchip security issue leaves the S7 open to Meltdown attacks.
Apr 12, 2018
Security Research Labs says Android phone makers often miss security patches but still tell owners the phones are up-to-date. Researchers Karsten Nohl and Jakob Lell examined the code of some 1,200 phones from more than a dozen phone makers for every security patch released during 2017.