Every Bluetooth device is at risk of hackers penetrating through their mobile firewalls. An article by TechSpot states that Bluetooth discovered a bug in its system. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen have published a short journal about Bluetooth and this specific bug.
The World-Famous Wireless Connection: Bluetooth
Bluetooth is a mobile/desktop application that provides a wireless connection to Bluetooth-based devices. Devices are connected through a wireless connection using safe verification processes and encryption keys that are distinct to each device.
First, two devices are paired to establish a connection between them. Encryption keys are used to authenticate the connection between the two devices. Once the two devices are paired, they can automatically connect with each other whenever both devices are in range of each other.
A Pesky Bug
According to the journal made by Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen, this bug will affect billions of mobile devices. This, in turn, allows mobile devices to be open to vulnerability. Moreover, this Bluetooth bug allows hackers to pose as trusted devices when connecting to a Bluetooth device.
Personal information and confidential work activities and documents may be leaked out to these hackers because of this Bluetooth bug. This specific method of hacking is called Bluetooth Impersonation Attacks (BIAS). This method is linked to Bluetooth Classic.
Basic Rate (BR) and Enhanced Data Rate (EDR) are two types of wireless data transfer processes between mobile and desktop devices. Bluetooth Classic utilizes both. The Bluetooth bug, as experts say, contains vulnerabilities in which hackers impersonating as trusted devices can connect to another person's device.
Some notable vulnerabilities are insufficient mutual verification, lenient role switching, and downgraded verification processes. There are disadvantages for hackers when using the Bluetooth Impersonation Attack method.
The hacker must be in range with the targeted person's mobile/desktop device. Moreover, the hacker must be able to successfully connect through either a BR or EDR connection of his/her device to the targeted person's mobile/desktop device and discover their address.
However, when the process of a Bluetooth Impersonation Attack is successful, the hacker will then be able to find personal information from the targeted person's mobile/desktop device or extract personal data from it. Moreover, the targeted person will not even notice that someone is hacking into his/her mobile/desktop device
This is because the hackers impersonate themselves as trusted devices that they have connected to in the past. The Bluetooth Impersonation Attack method can be used together with the Key Negotiation of Bluetooth (or KNOB) method, as experts say.
The Key Negotiation of Bluetooth method allows any hacker to weaken the encryption keys in pairing Bluetooth devices. After the encryption keys are weakened, the hacker will then be able to control a mobile/desktop device completely. Thus, the Bluetooth Special Interest Group (or Bluetooth SIG) will be administering changes to Bluetooth activities.
Additionally, despite all this, teams that aid in the fixing of Bluetooth malfunctions will only be creating small changes to eliminate the risk of hackers.