The ever-advancing technology used in our mobile phones has greatly expanded their capabilities and is impacting every aspect of our lives, but it can also bring with it new and ever-changing threats to our data and security. Bluetooth has transformed mobile communications since it first appeared, but a newly discovered Bluetooth hack is putting all Android and iOS operated phones at risk and making it imperative that owners update their phones immediately to combat this emerging threat.
What Is the Threat?
The discovery of the latest Bluetooth hack was announced by the United States of America’s Computer Emergency Response Team, known as CERT, who are based at the prestigious Carnegie Mellon Software Engineering Institute in Pittsburgh, Pennsylvania. They are always on the lookout for new hacks and new vulnerabilities, which led them to recently discover a missing check that should be carried out on encrypted data sent via the Bluetooth system. This could potentially be exploited by hackers who would then be able to intercept data transmitted via Bluetooth, allowing them to access and store personal information including passwords and banking details.
Which Operating Systems Are at Risk?
The differences between iOS and Android are well documented; however, in this case, both systems can be affected, regardless of their differences. In fact, experts note that all mobile devices that make use of Intel, Broadcom, or Qualcomm wireless chips are susceptible to the latest Bluetooth hack. The list includes Apple, Samsung, Sony, and Motorola. Even the latest Apple iPhone 8 and iPhone X smartphones are under threat unless they have had the latest security update. It is yet to be confirmed whether Linux and Google operating systems are affected, although Microsoft systems are said to be unaffected.
How the Vulnerability Works
The latest Bluetooth vulnerability, as noted by CERT and the Israel Institute of Technology, takes advantage of two separate Bluetooth features: low energy Secure Connections Pairing implementations, and Secure Simple Pairing using BR/EDR implementations. Put simply, this means that attackers in proximity to vulnerable phones can snatch the cryptographic key that would usually connect two devices, blocking the transmissions and instead capturing data or injecting malware into the two affected devices. The two people being attacked in this way may be completely unaware that their data and personal information stored on the phone has been compromised.
How to Overcome the Bluetooth Hack
Thankfully, the swift actions in Israel and Pennsylvania that identified this vulnerability have allowed affirmative action to be taken, and Huawei and LG have already installed the latest patch into their new devices. This is likely to be followed by other manufacturers, but the fact remains that both iOS and Android mobile device owners will need to ensure that they have downloaded the latest security update. The Android patch came into effect in June 2018, so if you haven’t updated your operating system since that date you should do so immediately. With respect to Apple devices, the iOS 11.4 system, also released in June, removes the Bluetooth vulnerability, as did the release of macOS High Sierra 10.13.5 and watchOS 4.3.1.
How Many Devices Have Been Attacked By This Hack?
As the Bluetooth hack exploits a historic vulnerability in both Android and Apple operating systems, the number of phones and other Bluetooth connected devices that could potentially be hacked is huge. It is not known, however, how many devices have had data stolen or have received malware as a result of the vulnerability, but Bluetooth experts have pointed out that a would-be attacker would need to be in range of two vulnerable devices at the time that encrypted data was sent, so this physical challenge in itself presents a basic form of protection.
Nevertheless, it’s essential that all owners of phones and other Bluetooth supporting devices using iOS and Android operating systems do not take the threat lightly, as the hack could bring with it significant financial losses. Check when you last updated your operating system right now, and update your Android and iOS device to ensure that your data remains safe and secure.