Breaking News

DJI Agras T100, T70P and T25P Launches Globally Sony Introduces the RX1R III Razer Introduces Next-Generation Connectivity and Performance with New Thunderbolt 5 Dock and Core X V2 Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Bluetooth SIG Patches Security Vulnerability

Bluetooth SIG Patches Security Vulnerability

Enterprise & IT Jul 23,2018 0

The Bluetooth SIG has updated the Bluetooth specification to correct a security hole of the Bluetooth technology that could be used for man-in-the-middle attacks.

Researchers at the Israel Institute of Technology identified a security vulnerability in two related Bluetooth features: Secure Simple Pairing and LE Secure Connections.

The researchers identified that the Bluetooth specification recommends, but does not require, that a device supporting the Secure Simple Pairing or LE Secure Connections features validate the public key received over the air when pairing with a new device. It is possible that some vendors may have developed Bluetooth products that support those features but do not perform public key validation during the pairing procedure. In such cases, connections between those devices could be vulnerable to a man-in-the-middle attack that would allow for the monitoring or manipulation of traffic. For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.

To remedy the vulnerability, the Bluetooth SIG has updated the Bluetooth specification to require products to validate any public key received as part of public key-based security procedures. In addition, the Bluetooth SIG has added testing for this vulnerability within our Bluetooth Qualification Program.

The Bluetooth SIG says there is no evidence that the vulnerability has been exploited maliciously and that is not aware of any devices implementing the attack having been developed, including by the researchers who identified the vulnerability.

Tags: Bluetooth
Previous Post
Huawei Wants to be the First to Launch a Foldable Smartphone
Next Post
MiiiW Mouse Pad Can Charge Your Phone

Related Posts

  • Dialog Semiconductor Adds New Features to Bluetooth SoCs to Enabling Highly Accurate Tracing

  • Bluetooth Direction Finding Feature Enables Location Services Accurate to Within 10 cm

  • Bluetooth Gets Mesh Networking Capability

  • Bluetooth 5 Technology Brings Advancements In Terms Of Range, Speed And Capacity

  • Bluetooth 5 Quadruples Range, Doubles Speed, Increases Data Broadcasting Capacity

  • Bluetooth Technology to Gain Longer Range, Faster Speed

  • New Bluetooth Specifications Enable IP Connectivity, Deliver Privacy and Increased Speed

  • Updated Bluetooth 4.1 Adds New Usability Features

Latest News

DJI Agras T100, T70P and T25P Launches Globally
Drones

DJI Agras T100, T70P and T25P Launches Globally

Sony Introduces the RX1R III
Cameras

Sony Introduces the RX1R III

Razer Introduces Next-Generation Connectivity and Performance with New Thunderbolt 5 Dock and Core X V2
Gaming

Razer Introduces Next-Generation Connectivity and Performance with New Thunderbolt 5 Dock and Core X V2

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance
PC components

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance

G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025
Enterprise & IT

G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Pure Base 501

be quiet! Pure Base 501

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed