A research paper published Wednesday reveals a flaw in the Bluetooth wireless standard that allows attackers to intercept and tamper with data that exchanged over a Bluetooth connection.
Data at risk includes contact information stored on a device, passwords, or other sensitive information, according to an Ars Technica report. Hackers gain access to the data by forcing a device to use a known pairing key. For instance, when you pair your phone with your computer, you might be prompted to enter a five-digit code. Hackers leverage that code to intercept information when you pair the device again.
This flaw is different than the BlueBorne virus that cropped up last year, which allowed hackers to gain control of a device using its Bluetooth connection. The new exploit has been present in Bluetooth for over a decade, but until now has been unknown.
Many device makers are issuing patches to correct the issue. If you receive a notice of a security update from a device that you use, it’s important to install it as soon as possible to prevent yourself from becoming vulnerable. Patches are already available for devices running Apple’s macOS and iOS and Google’s Android operating systems. The exploit requires both devices in the connection to be vulnerable.
