A flaw has been discovered in Bluetooth devices that leaves them susceptible to hacking.
According to research by Zhiqiang Lin, an engineering and computer science professor, and his research team from the Ohio State University, the flaw lies within Bluetooth Low Energy devices such as smart speakers and fitness trackers.
“There is a fundamental flaw that leaves these devices vulnerable – first when they are initially paired to a mobile app, and then again when they are operating,” Lin said. “And while the magnitude of that vulnerability varies, we found it to be a consistent problem among Bluetooth low energy devices when communicating with mobile apps.”
Bluetooth Low Energy devices communicate and interact with their associated apps on the owner’s mobile phone by broadcasting a UUID (Universally Unique Identifier). This allows the corresponding apps to recognise the Bluetooth device, and create a connection enabling a mobile phone and device to interact with one another.
The researchers explained that UUIDs in mobile apps make the devices vulnerable to fingerprinting attacks.
“At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps,” Lin said.
“But in some cases in which no encryption is involved or encryption is used improperly between mobile apps and devices, the attacker would be able to ‘listen in’ on your conversation and collect that data.”
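To check what a device you own discloses in this way, the added example below (not the researchers' code) parses a BLE advertising payload and lists the service UUIDs and local name that any passive receiver can read. The sample payload and the function names are constructed for illustration.

```python
import uuid

# 16-bit assigned numbers expand into the Bluetooth Base UUID template.
BASE_SUFFIX = "-0000-1000-8000-00805f9b34fb"

def parse_ad_structures(payload: bytes):
    """Split an advertising payload into (ad_type, data) pairs."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break  # zero padding or a truncated structure: stop parsing
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def exposed_identifiers(payload: bytes):
    """Return the identifiers readable in clear from one advertisement."""
    uuids, name = [], None
    for ad_type, data in parse_ad_structures(payload):
        if ad_type in (0x02, 0x03):        # lists of 16-bit service UUIDs
            for j in range(0, len(data) - 1, 2):
                short = int.from_bytes(data[j:j + 2], "little")
                uuids.append(f"0000{short:04x}{BASE_SUFFIX}")
        elif ad_type in (0x06, 0x07):      # lists of 128-bit service UUIDs
            for j in range(0, len(data) - 15, 16):
                # 128-bit UUIDs are sent little-endian, so reverse the bytes
                uuids.append(str(uuid.UUID(bytes=data[j:j + 16][::-1])))
        elif ad_type in (0x08, 0x09):      # shortened / complete local name
            name = data.decode("utf-8", errors="replace")
    # Vendor-defined UUIDs fall outside the Base UUID range and are the
    # values that tie an advertisement to one product and its app.
    custom = [u for u in uuids if not u.endswith(BASE_SUFFIX)]
    return {"uuids": uuids, "custom_uuids": custom, "local_name": name}

# Constructed sample: flags, Heart Rate service (0x180D), one made-up
# vendor UUID and the local name "Demo" (31 bytes in total).
SAMPLE_UUID = uuid.UUID("12345678-1234-5678-1234-56789abcdef0")
SAMPLE = (bytes([0x02, 0x01, 0x06, 0x03, 0x03, 0x0D, 0x18, 0x11, 0x07])
          + SAMPLE_UUID.bytes[::-1] + bytes([0x05, 0x09]) + b"Demo")

if __name__ == "__main__":
    for key, value in exposed_identifiers(SAMPLE).items():
        print(key, value)
```

Any entry under `custom_uuids` is a static value that stays the same across broadcasts, which is what makes the device recognisable.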
Fortunately, this issue can be fixed and recommendations have been made to app developers and to Bluetooth industry groups.
After discovering the vulnerability, Lin and his research team built a “sniffer”, a hacking device that can identify Bluetooth devices based on the broadcasting messages sent by the devices.
When testing the device, the researchers identified more than 5,800 Bluetooth Low Energy devices, of which 94.6% could be “fingerprinted” by an attack and 7.4% were vulnerable to unauthorised access or eavesdropping attacks.
“The typical understanding is that Bluetooth Low Energy devices have signals that can only travel up to 100 meters,” he said. “But we found that with a simple receiver adapter and amplifier, the signal can be ‘sniffed’ (or electronically found) much farther – up to 1,000 meters away.”
The research team also examined apps in the Google Play Store (18,166 apps at the time of their research), and found 1,434 vulnerable apps.
“It was alarming,” Lin said. “The potential for privacy invasion is high.”
The post #Privacy: Vulnerability found within Bluetooth devices appeared first on PrivSec Report.