Even your own Bluetooth device can give access to hackers to get all your personal details.
Even with the advancements of technology we are experiencing major privacy always and major vulnerabilities.
At present, who is not connected to the Bluetooth device? Most of us are connected to speakers, Smartwatches, etc to get their Bluetooth device in working condition.
Bluetooth devices may get your data leaked
If you take a fitness tracker, Smartwatch, Speaker, Wireless headphone or any smart assistant you require Bluetooth for connectivity.
The process of how Bluetooth communicates with the Applications leaves room for hackers to steal new information as per the new research data.
We have strong and advanced security experts to notify these issues before. All these were discussed at the Association for Computing Machinery’s Conference on Computer and Communications Security held in London from November 11-15.
How it can happen
According to the Associate Professor of Computer Science and Engineering at The Ohio State University in the US States, There is a flaw that allows these devices vulnerable when they are paired to a device via the application.
“While the magnitude of that vulnerability varies, we found it to be a consistent problem among Bluetooth low energy devices when communicating with mobile apps,” Lin added.
No matter the device, it might be a fitness tracker, smart thermostat, smart speaker or smart home assistant.
Each device first establishes a communicates with the apps on the mobile device by UUID – a universally unique identifier.
The unique identifier allows the related application to recognize the Bluetooth device and it created a connection that enables the mutual connection between the device and the application. You can relate this system with the smartwatches.
Information Hacker can get
In the least, hackers can know the type of Bluetooth device you’re using such as a smartwatch, at your home and identifying whether the device is broadcasting UUIDs from the corresponding apps.
Even in some cases, there is no encryption involved or the encryption is used improperly between the mobile apps and devices, with this vulnerability hackers can gain access to your conversation and can also collect the data.
Solution to this
The best part of the evolving technology is that there is a solution that can be implemented to eradicate this type of vulnerabilities.
“We think the problem should be relatively easy to fix, and we’ve made recommendations to app developers and to Bluetooth industry groups,” he said.
Researches have found out that, the solution to this is an easy fix and also made required recommendations to the app developers and also to the Bluetooth industry.
Along with this, the team also reported all the researches related to the vulnerable apps to the specialized Bluetooth group.
Based on this, they have created a specialized tool that can detect the vulnerable apps and the count got up to 18,166.
In respect to the findings, 1,434 vulnerable apps allow unauthorized access which is way more dangerous. However, reports did not include apps under the Apple Store.
Android Users warned for wireless Earbuds hack
According to the report, hackers can gain access to your phone using its baseband firmware, the software designed to interface with Bluetooth and USB accessories, sending commands to the gadget asking it to reveal its unique identifiers. Once access is gained, hackers can transfer the phone to an insecure connection, subsequently allowing them to intercept calls, access the phone’s data, or even shut the phone down altogether by blocking phone network and internet access.
Speaking to TechCrunch, study coauthors Syed Rafiul Hussain and Imtiaz Karim explained that “the attacks can be easily carried out by an adversary with cheap Bluetooth connectors or by setting up a malicious USB charging station,” meaning close proximity is typically necessary. “If your smartphone is connected with a headphone or any other Bluetooth device, the attacker can first exploit the inherent vulnerabilities of the Bluetooth connection and then inject those malformed AT commands,” the researchers added.