One of the most convenient features many of us enjoy on our mobile devices is Bluetooth, which allows our electronics to connect and “talk” to other gadgets. Because these connections could constitute a network, it’s important that this wireless technology be as secure as possible.
Bluetooth vulnerability: Why you should update your phone now
A new encryption vulnerability threatens to allow our personal information to be stolen via Bluetooth. The flaw, discovered by researchers at the Israel Institute of Technology, is being publicized by the U.S. Computer Emergency Response Team (CERT), which is based in the Carnegie Mellon Software Engineering Institute.
An announcement from CERT says the Bluetooth security hole “may allow a remote attacker to obtain the encryption key used by the device.”
The Bluetooth Special Interest Group (SIG), which oversees implementation of the technology, said users could be exposed to “a man-in-the-middle attack” if the perpetrator is “within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure.”
As you can imagine, this issue likely affects you, me and millions of other people with cell phones and other gadgets. Even if you have the latest, greatest Bluetooth-enabled mobile phone powered by the titans of technology, Apple, Google, Intel, etc., it is vulnerable to this security flaw if you don’t take action.
Here’s how to make sure your Bluetooth is safe
Bluetooth SIG says it has updated its public key validations, “thereby providing a remedy to the vulnerability from a specification perspective.” Now it’s up to us: Have you updated your device lately?
This handy chart shows the vendors that are affected and the date your device should have been updated or is ready to update. (Hint: If your iPhone or Android smartphone isn’t notifying you of a new update, you may already have the software fix).
|Vendor||Status||Date Notified||Date Updated|
|Apple||Affected||18 Jan 2018||23 Jul 2018|
|Broadcom||Affected||18 Jan 2018||19 Jun 2018|
|Intel||Affected||18 Jan 2018||23 Jul 2018|
|QUALCOMM Incorporated||Affected||18 Jan 2018||06 Feb 2018|
|Microsoft||Not Affected||06 Feb 2018||20 Jul 2018|
|Android Open Source Project||Unknown||18 Jan 2018||18 Jan 2018|
|Bluetooth SIG||Unknown||06 Feb 2018||06 Feb 2018|
|Unknown||19 Mar 2018||19 Mar 2018|
|Linux Kernel||Unknown||05 Mar 2018||05 Mar 2018|