Two recently discovered Bluetooth security flaws allow hackers to infiltrate the connections of devices using Bluetooth 4.2 to 5.4. These security flaws place millions of devices introduced since December 2014 at risk—including the latest iPhones, iPads, and Macs.
Businesses that don’t have centralised device monitoring as a part of their IT infrastructure are most at risk, according to Leo Tong, Velocity’s Sales Director. “When we picked up on news of this risk, we immediately thought of our clients with fully managed IT support in place and the steps we could take to mitigate risk for them. Businesses that don’t have visibility and monitoring on all devices are exposed,” he said.
As reported in 9to5Mac, attackers can gain access to at-risk Bluetooth-enabled devices, enabling both device impersonations and man-in-the-middle (MITM) attacks.
Security researchers at Eurecom created six new attacks (collectively named BLUFFS) to determine the extent of these security vulnerabilities. BLUFFS exploit two previously unknown flaws in the Bluetooth standard related to how session keys are derived to decrypt data in exchange. Four flaws are exploited in the session key derivation process, forcing the derivation of a short and predictable session key (SKC).
“The main danger of this vulnerability is that it gives cyber criminals access to business and personal data and files,” warns Leo. “Attackers can also sneak in and take over your devices without you being aware of it. This gives them access to key assets like your LinkedIn account, Office 365 or Google Workspace, as well as your computer and network systems.”
According to Leo, these Bluetooth cracks are a prime example of a zero-day vulnerability issue.
“A zero-day vulnerability is a crack in a system or device that the public has been made aware of but has yet to be patched,” he said. “Exploits that attack zero-day vulnerabilities are known as zero-day exploits.”
Since zero-day vulnerabilities are discovered before software developers and security researchers are able to issue the correct patches, they pose a major risk to users. “Hackers will be working round the clock to exploit these vulnerabilities and commit cybercrimes. Overall, impacted systems are compromised until a patch has been issued by the vendor.
“Thankfully, there are steps you can take to prevent security breaches and safeguard your systems”
Leo recommends that all iPhone and Macbook users patch their devices as soon as possible. This would prevent bad actors from gaining access to their devices and impersonating them.
“Think about this: all devices use Bluetooth. So a crack on Bluetooth-enabled devices means millions of mobile devices and computers are at risk,” he said. “This is why it’s so important to have a fully-managed IT service provider monitoring all of your devices and systems 24/7. They’ll work tirelessly to prevent security breaches and ensure that all known vulnerabilities are patched.”
If you’re looking for a reputable provider of fully-managed IT services—including patch management of your computer and network systems—look no further than Velocity Technology.
Our IT experts will work tirelessly to shield your business from the latest cybersecurity threats. We’ll not only safeguard your data and systems, but also protect your business’ customers, reputation, and continued existence.
To learn more, get in touch for a free consultation. Contact us.