Welcome to the future. You have new enemies: many of your devices that use Bluetooth.
A study presented at the Association for Computing Machinery’s Conference on Computer and Communications Security alleges that a design glitch can leave mobile apps that work with Bluetooth devices open to hacking.
The findings from Zhiqiang Lin, associate professor of computer science and engineering at Ohio State University, show that a fundamental design flaw can create vulnerability. Lin explains the problem is a result of the way Bluetooth devices communicate with mobile apps, making devices vulnerable when they’re initially paired with a mobile app and again when operating.
While the degree of danger varies, Lin explains that at minimum, a hacker could find where in your home, say, your smart speaker is. Encryption helps to mitigate problems, but Lin maintains that “in some cases, in which no encryption is involved or encryption is used improperly between mobile apps and devices, the attacker would be able to ‘listen in’ on your conversation and collect that data.”
Lin’s team of high-tech investigators built a hacking device called a “sniffer” to test their findings and discovered about 5,800 Bluetooth devices in a 1.28-mile radius. Of those devices, “94.6% were able to be ‘fingerprinted’ (or identified) by an attack,” according to a statement. The team also found 1,434 apps (not including those in the Apple store) that are ripe for exploitation.
“It was alarming,” says Lin, noting the team offered security advice to app developers and the Bluetooth industry. “The potential for privacy invasion is high.
Ref;nypost.com