Sign In

Communications of the ACM

ACM TechNews

Decade-Old Bluetooth Flaw Lets Hackers Steal Data Passing Between Devices


The Bluetooth logo.

Researchers at the Technion-Israel Institute of Technology warn of a decade-old bug that continues to plague the Bluetooth specification.

Credit: Bluetooth SIG

A study from the Technion-Israel Institute of Technology warns of a decade-old bug in the Bluetooth specification that allows hackers to intercept and tamper with data shared wirelessly through man-in-the-middle attacks on the link between devices.

Not only can hackers view the data, but they can forge keystrokes on a Bluetooth keyboard to open up a command window or malicious website.

Says security engineer JP Smith, "This attack lets an attacker who can read and modify Bluetooth traffic during pairing force the key to be something they know."

The researchers say the attack is enabled by two design flaws: one involves sending both the x-coordinate and the y-coordinate during the public key exchange, while the other is the protocol's authentication of only the x-coordinate.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account