Bluetooth Devices Are Vulnerable to Hacking

Bluetooth Devices Are Vulnerable to Hacking

Bluetooth pairing with Gadgets is vulnerable to easy hack,  your personal details can be stolen via bluetooth.

This News is Brought You By

Now days, almost everyone is connected to a Bluetooth device wirelessly, promising to make their lives easier. Unfortunately, the more we’ve grown to rely on it, the more these devices have been susceptible to hacks and invasion of privacy. With the advancement of technology hackers and their hacking techniques are getting more and more sophisticated.

The way Bluetooth devices communicate with the mobile apps leaves room for hackers to steal sensitive personal information, be it a smartwatch, fitness tracker, smart speaker or smart home assistant.

There have been recent discovery by the Association for Computing Machinery’s Conference on Computer & Communications Security held in London.

According to them, an inherent design flaw makes mobile apps that work with Bluetooth Low Energy devices vulnerable to hacking. This happens at the very initial stage, when the device is just paired to the mobile app.

While the magnitude of that vulnerability varies, it has been found that this is a rather deep rooted problem among Bluetooth low energy devices when communicating with mobile apps.

For example, a wearable health and fitness tracker, smart thermostat, smart speaker or smart home assistant. Each first communicates with the apps on your mobile device by broadcasting something called a UUID — a universally unique identifier. What happens is this identifier allows the corresponding apps on the connected device to recognise the Bluetooth device, creating a connection that allows your phone and device to talk to one another.

However, this identifier itself is also embedded into the mobile app code, else mobile apps would not be able to recognise the device. The problem here is these UUIDs in the mobile apps make the devices vulnerable to a fingerprinting attack, as founded by the research team.

At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps.

The researchers have found out that the problem should be relatively easy to fix and have also made recommendations to app developers and to Bluetooth industry groups.

If the app developers tightened defences in that initial authentication, the problem could be resolved.

The team reported their findings to developers of vulnerable apps and to the Bluetooth Special Interest Group, and created an automated tool to evaluate all of the Bluetooth Low Energy apps in the Google Play Store – 18,166 at the time of their research.

In addition to building the databases directly from mobile apps of the Bluetooth devices in the market, the team’s evaluation also identified 1,434 vulnerable apps that allow unauthorised access.

This News is Brought You By

Related posts