Bluetooth Pairing With Gadgets Is Vulnerable To Easy Hack; Your Personal Details Can Be Stolen Via Bluetooth
The degree to which we are exposed to issues such as privacy breaches is a major concern and one of the most troubling sides of technology. As technology advances, hackers and their techniques are becoming more and more sophisticated.
Today, almost everyone is wirelessly connected to a Bluetooth device that promises to make their lives easier. Unfortunately, the more we've grown to rely on these devices, the more susceptible they have been to hacks and invasions of privacy.
Bluetooth Devices are Vulnerable to Hacking
Be it a fitness tracker, smartwatch, smart speaker or smart home assistant, the way Bluetooth devices communicate with mobile apps leaves room for hackers to steal sensitive personal information. We are fortunate to have been informed of these findings, as these devices and our dependence on them have come a long way.
The recent discovery comes from the Association for Computing Machinery's Conference on Computer and Communications Security, held in London from November 11-15.
According to the findings, an inherent design flaw makes mobile apps that work with Bluetooth Low Energy devices vulnerable to hacking. This happens at the very initial stage, when the device is first paired with the mobile app.
While the magnitude of that vulnerability varies, it has been found to be a rather deep-rooted problem among Bluetooth Low Energy devices when communicating with mobile apps.
Consider a wearable health and fitness tracker, smart thermostat, smart speaker or smart home assistant. Each first communicates with the apps on your mobile device by broadcasting something called a UUID — a universally unique identifier.
This identifier allows the corresponding apps on the connected device to recognise the Bluetooth device, creating a connection that lets your phone and the device talk to one another.
However, the identifier is also embedded in the mobile app's code; otherwise the app would not be able to recognise the device. The problem is that these UUIDs in the mobile apps make the devices vulnerable to a fingerprinting attack, as the research team found.
At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps.
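An added example (not the research team's tool and not part of the original article): a short Python audit that an app developer could run over their own source to list the UUIDs hardcoded in it, separating Bluetooth SIG-assigned UUIDs, which many products share, from vendor-specific ones that point to a single product. The file names and the vendor UUID in the sample are constructed, and treating vendor-specific UUIDs as the fingerprintable ones is this example's assumption.

```python
import re
import uuid

# 16/32-bit SIG-assigned numbers expand into XXXXXXXX-0000-1000-8000-00805F9B34FB.
SIG_BASE_SUFFIX = "-0000-1000-8000-00805f9b34fb"
UUID_RE = re.compile(
    r"\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b"
)

def classify(u: uuid.UUID) -> str:
    """Return 'sig-assigned' for UUIDs built on the SIG base, else 'vendor-specific'."""
    return "sig-assigned" if str(u).endswith(SIG_BASE_SUFFIX) else "vendor-specific"

def audit_sources(sources: dict) -> dict:
    """Map each hardcoded UUID (lower-cased) to its class and (file, line) locations."""
    findings = {}
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in UUID_RE.finditer(line):
                u = uuid.UUID(match.group(0))  # normalises upper/lower case
                entry = findings.setdefault(
                    str(u), {"class": classify(u), "locations": []})
                entry["locations"].append((path, lineno))
    return findings

def fingerprintable(findings: dict) -> list:
    """UUIDs that single out one vendor's product (the example's assumption)."""
    return sorted(k for k, v in findings.items() if v["class"] == "vendor-specific")

# Constructed sample input: hypothetical app source files, not from any real app.
SAMPLE_SOURCES = {
    "TrackerGatt.java": '''
public final class TrackerGatt {
    static final UUID HEART_RATE = UUID.fromString("0000180d-0000-1000-8000-00805f9b34fb");
    static final UUID SYNC_SERVICE = UUID.fromString("7A1C0001-5E2B-4D3F-9C10-3B6E2F8A4D11");
}
''',
    "BatteryReader.java": '''
UUID battery = UUID.fromString("0000180F-0000-1000-8000-00805F9B34FB");
UUID sync = UUID.fromString("7a1c0001-5e2b-4d3f-9c10-3b6e2f8a4d11");
''',
}

if __name__ == "__main__":
    report = audit_sources(SAMPLE_SOURCES)
    for value, info in sorted(report.items()):
        print(f"{info['class']:15} {value}  {info['locations']}")
    print("Review advertising of:", fingerprintable(report))
```

The output is an inventory of which identifiers the app ties to its device, which is the starting point for deciding what the device should advertise before a connection is authenticated.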
The Solution is Relieving
The best part about technology is how handy it can be. What goes up can be pulled down and vice versa. Even with problems on your Bluetooth device raising the fear of a privacy breach, you don't need to worry much.
The researchers have found out that the problem should be relatively easy to fix and have also made recommendations to app developers and to Bluetooth industry groups.
If the app developers tightened defences in that initial authentication, the problem could be resolved.
The team reported their findings to developers of vulnerable apps and to the Bluetooth Special Interest Group, and created an automated tool to evaluate all of the Bluetooth Low Energy apps in the Google Play Store – 18,166 at the time of their research.
In addition to building the databases directly from mobile apps of the Bluetooth devices in the market, the team’s evaluation also identified 1,434 vulnerable apps that allow unauthorised access. Their analysis did not include apps in the Apple Store.