A study from the Technion-Israel Institute of Technology warns of a decade-old bug in the Bluetooth specification that allows hackers to intercept and tamper with data shared wirelessly through man-in-the-middle attacks on the link between devices.
Not only can hackers view the data, but they can forge keystrokes on a Bluetooth keyboard to open up a command window or malicious website.
Says security engineer JP Smith, "This attack lets an attacker who can read and modify Bluetooth traffic during pairing force the key to be something they know."
The researchers say the attack is enabled by two design flaws: one involves sending both the x-coordinate and the y-coordinate during the public key exchange, while the other is the protocol's authentication of only the x-coordinate.
From Ars Technica
View Full Article
Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA