One of the most convenient features many of us enjoy on our mobile devices is Bluetooth, which allows our electronics to connect and “talk” to other gadgets. Because these connections could constitute a network, it’s important that this wireless technology be as secure as possible.
A new encryption vulnerability threatens to allow our personal information to be stolen via Bluetooth. The flaw, discovered by researchers at the Israel Institute of Technology, is being publicized by the U.S. Computer Emergency Response Team (CERT), which is based in the Carnegie Mellon Software Engineering Institute.
An announcement from CERT says the Bluetooth security hole "may allow a remote attacker to obtain the encryption key used by the device."
The Bluetooth Special Interest Group (SIG), which oversees implementation of the technology, said users could be exposed to "a man-in-the-middle attack" if the perpetrator is "within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure."
As you can imagine, this issue likely affects you, me and millions of other people with cell phones and other gadgets. Even if you have the latest, greatest Bluetooth-enabled mobile phone powered by the titans of technology, Apple, Google, Intel, etc., it is vulnerable to this security flaw if you don’t take action.
Bluetooth SIG says it has updated its public key validations, "thereby providing a remedy to the vulnerability from a specification perspective." Now it's up to us: Have you updated your device lately?
This handy chart shows the vendors that are affected and the date your device should have been updated or is ready to update.
© 2020 Clark.com