Your laptop, smartphone or tablet’s Bluetooth chip provides an easy way to connect wireless speakers, keyboards and other accessories. It may also be opening you up to a new cyber attack.
Two independent teams of researchers, one from Purdue University and another at the École polytechnique fédérale de Lausanne, identified a new flaw that affects Bluetooth 4.0 and Bluetooth 5.0. This new vulnerability has been dubbed BLURtooth.
Properly exploited, BLURtooth would allow the attacker to pair his or her own devices without the user’s knowledge. No prompt would ever appear asking the user to confirm the connection or enter a PIN because the attacker is able to either overwrite encryption keys or forced the connection to use weaker encryption.
Once connected, the attacker could “gain additional access to profiles or services that are not otherwise restricted.” These ‘man-in-the-middle’ attacks could allow a hacker to do things like steal keystrokes or eavesdrop on audio.
Many devices will require either software or firmware updates, however these are not available yet. While assurances have been made that those patches will be delivered, there’s really no information how long it will take at this point.