Decade-old Bluetooth flaw lets hackers steal data passing between devices

A large scale patching exercise to resolve a serious vulnerability in the Bluetooth specification that allows attackers to intercept and tamper with data exchanged wirelessly is underway. The disclosure in a research paper is serious because it allows people to perform a man-in-the-middle attack on the connection between vulnerable devices, reports Arstechnica


From there, attackers can view any exchanged data, which might include contacts stored on a device, passwords typed on a keyboard, or sensitive information used by medical, point-of-sale, or automotive equipment. Attackers could also forge keystrokes on a Bluetooth keyboard to open up a command window or malicious website in an outright compromise of the connected phone or computer.


“This attack lets an attacker who can read and modify Bluetooth traffic during pairing force the key to be something they know,” JP Smith, a security engineer and Bluetooth security expert at security firm Trail of Bits, told Ars. “It’s not mathematically/theoretically novel at all, and it’s in fact about the simplest attack you can do on elliptic curve cryptosystems. Notably, this is a protocol-level fault, so if you implemented the Bluetooth spec out of the book (without some optional validation), you have this bug.”

more news

Kaspersky Highlights Information Security In Loss Figures


To budget for information security, companies need to consider factors such as average potential losses, preferably by incident type, as well as other businesses’ average, outlays on security, Says the latest security report from Kaspersky.

read more

Half Of Global Organisations Not Prepared For Cyberattacks


It is believed that more than 4,000 cyberattacks occur daily worldwide, but half of organisations across the globe admit they are not prepared for such events.

read more

Secure Your Physical Business Against Data Theft


Data theft does not just happen in cyberspace, but in the physical business environment, too. Lax physical security can allow criminals to access your computers, filing cabinets, documents left on desktops, etc. Here are some tips for you to ensure your everyday working environment is safe and secure.

read more

UK Launches Third NCSC Annual Review


Paymaster General and Minister for the Cabinet Office Oliver Dowden MP has launched the UK's National Cyber Security Centre's third Annual Review. In his presentation speech, he said: "Thank you, everyone, for joining us this morning. Cybersecurity is genuinely a massive priority for the government and it gives me great pleasure to launch the National Cyber Security Centre’s third Annual Review.

read more