Bluetooth Low Energy is a widespread wireless technology connecting billions of gadgets, relying on a pairing process to generate secret keys for safe communication. Sometimes, previously connected equipment must negotiate a new security level through a procedure called re-pairing. Researchers discovered significant vulnerabilities within the official rules governing this re-pairing mechanism. Specifically, the standard lacks proper authentication checks and allows hackers to force connections into using weaker security states. Since these weaknesses stem from the core Bluetooth design, billions of compliant gadgets remain exposed to potential exploits.
Taking advantage of these blind spots, an attacker can secretly intercept data or trick equipment into establishing a connection with a malicious machine. For example, a hacker could deceive a smartphone into believing it is communicating with a trusted wireless mouse. Researchers successfully executed these impersonation attacks against twenty-three different products from major brands like Apple, Google, Microsoft, and Logitech. Although certain companies acknowledged the flaws and released software patches, others ignored the reports, and the organization in charge of Bluetooth rules officially declined to update the vulnerable standard.
This article was originally published by DEV Community and written by ThanidaSangkasanya.