The degree at which we are exposed to issues such as privacy breach, is a major concern and one of the most disapproving side of technology. The truth is with the advancement of technology, hackers and their hacking techniques are getting more and more sophisticated.
Today, almost everyone is connected to
a Bluetooth device wirelessly, promising to make their lives easier. Unfortunately,
the more we’ve grown to rely on it, the more these devices have been susceptible
to hacks and invasion of privacy.
Bluetooth Devices are Vulnerable to Hacking
Be it a fitness tracker, smartwatch, smart
speaker or smart home assistant, the way Bluetooth devices communicate with the
mobile apps leaves room for hackers to steal sensitive personal information.
We are lucky to have been informed of such happenings, as these devices and our
dependence on them have come a far way.
Like
we were saying, there have been recent discovery by the Association for
Computing Machinery’s Conference on Computer and Communications Security held
in London from November 11-15.
As
per them, an inherent design flaw makes mobile apps that work with Bluetooth
Low Energy devices vulnerable to hacking. This happens at the very
initial stage, when the device is just paired to the mobile app.
While
the magnitude of that vulnerability varies, it has been found that
this is a rather deep rooted problem among Bluetooth low energy devices when
communicating with mobile apps.
Consider
a wearable health and fitness tracker, smart thermostat, smart speaker or smart
home assistant. Each first communicates with the apps on your mobile device by
broadcasting something called a UUID — a universally unique identifier.
What
happens is this identifier allows the corresponding apps on the
connected device to recognise the Bluetooth device, creating a connection that
allows your phone and device to talk to one another.
However, this identifier itself is also embedded into the mobile app code, else mobile apps would not be able to recognise the device. The problem here is these UUIDs in the mobile apps make the devices vulnerable to a fingerprinting attack, as founded by the research team.
At
a minimum, a hacker could determine whether you have a particular Bluetooth
device, such as a smart speaker, at your home, by identifying whether or not
your smart device is broadcasting the particular UUIDs identified from the
corresponding mobile apps.
The
Solution is Relieving
The
best part about technology is how handy they can come in to be. What goes up can be pulled down and vice
versa. Even with problems on your Bluetooth device implanting the fear of
privacy breach, you don’t need to worry much.
The
researchers have found out that the problem should be relatively easy to fix
and have also made recommendations to app developers and to Bluetooth industry
groups.
If the app developers tightened defences in that initial authentication, the problem could be resolved.
The team
reported their findings to developers of vulnerable apps and to the Bluetooth
Special Interest Group, and created an automated tool to evaluate all of the
Bluetooth Low Energy apps in the Google Play Store – 18,166 at the time of
their research.
In addition to building the databases
directly from mobile apps of the Bluetooth devices in the market, the team’s
evaluation also identified 1,434 vulnerable apps that allow unauthorised
access. Their analysis did not include apps in the Apple Store.
“Bluetooth Pairing With Gadgets Is Vulnerable To Easy Hack; Your Personal Details Can Be Stolen Via Bluetooth”,
No comments:
Post a Comment