Smartphones running Android and iOS, as well as Intel-based devices, are all affected by a Bluetooth vulnerability that could allow a hacker to steal information from them, according to a recent report. Millions of devices are suspected to be susceptible, and security experts have advised users of the affected smartphones and PCs to update their devices.
Apple iPhones and iPads, Android smartphones and tablets powered by Qualcomm or Intel chipsets, and devices using Broadcom chips are all reportedly affected by the Bluetooth vulnerability, according to a warning from the US Computer Emergency Response Team (CERT). The CERT, which operates out of the Carnegie Mellon Software Engineering Institute, described the vulnerability as being caused by a missing check on keys during the process of encrypting data sent over Bluetooth connections, according to a Forbes report.
The vulnerability in Bluetooth on Apple, Android, Intel, Qualcomm and Broadcom devices has been attributed to a missing validation step in the ‘Diffie-Hellman key exchange’, the method the Bluetooth standard uses to set up encryption. This essentially means that any hacker within Bluetooth range of a vulnerable device could obtain the keys required to unmask information that is supposed to be encrypted, the CERT said.
‘Encrypted’ messages sent over Bluetooth could be accessed by the attacker and eventually decrypted to reveal information such as notification messages or even two-factor authentication codes, Mike Ryan, a Bluetooth security expert, is reported to have said. Every Android device prior to the June patch, and every device with wireless chips from Intel, Qualcomm or Broadcom, is reported as being vulnerable, the online publication said.
As for Apple devices, the company issued fixes in May with the release of iOS 11.4 for iPhones and iPads, and for macOS versions in June. An Israeli researcher was quoted as saying that every iPhone with a Broadcom or Qualcomm chipset is vulnerable, and that this included the latest iPhone 8 and iPhone X smartphones.
The Android Open Source Project has reportedly released a patch to fix the vulnerability, and two OEMs, Huawei and LG, are said to have patched it in their latest software releases for their smartphones.