By Eduard Kovacs on May 25, 2021
Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.
The flaws, discovered by researchers at France’s national cybersecurity agency ANSSI, affect devices that support the Bluetooth Core and Mesh specifications, which define technical and policy requirements for devices operating over Bluetooth connections.
Malicious actors who are within Bluetooth range can exploit the weaknesses to impersonate legitimate devices, according to an advisory published on Monday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.
Advisories for each flaw have also been published by the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards.
What Exactly is Bluetooth?
Bluetooth, named after a 10th-century Danish king, Harold Bluetooth, is a communication standard for exchanging data between mobile and fixed devices. Bluetooth uses the industrial, scientific and medical (ISM) part of the radio spectrum, namely frequencies from 2.402 GHz to 2.480 GHz.
Bluetooth Legacy Pairing, used by devices running Bluetooth 2.0 or older, relies on a PIN that users enter to verify the secure connection between the two devices. This method proved to be exploitable, mostly due to user negligence.
Devices running Bluetooth 2.1 and above use Secure Simple Pairing, a variant of public key cryptography, which has four types of handshaking. Devices need to electronically handshake and pair before data can be transmitted between them.