Bluetooth and WiFi Bugs Can Leak Sensitive Data From Billions of Devices

Jan 07, 2022

It’s crucial that you work with IT professionals who are vigilant about Bluetooth security.

Developers should take into account the limitations of their chosen method of encryption and the security vulnerabilities that could be exploited. 


Likewise, security experts should take note of known attacks on Bluetooth communications and make sure that they’re prepared for any new or unknown attacks that may arise in the future.


Bluetooth is a short-range, low-power wireless technology that uses radio waves, designed to establish connections between devices that are near one another.


Faulty Bluetooth and WiFi Chips Leave Billions of Devices Vulnerable To Hacking

Researchers at the Technical University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab published a paper that proves a device's Bluetooth component can be exploited to extract passwords and manipulate WiFi traffic.


Nowadays, consumer electronic devices, such as smartphones, feature systems-on-a-chip (SoCs) that contain separate components for Bluetooth, WiFi, and LTE, each implementing its own security protocol. Nevertheless, they share resources, like antennas and wireless spectrum.


SoCs that share resources are more energy efficient and have higher throughput and low latency in communications.


However, the researchers uncovered that such shared resources could be exploited to launch lateral privilege escalation attacks across wireless chips. These attacks can result in code execution, memory readout, or denial of service (DoS).


Code Execution

Bluetooth code execution occurs when hackers break the encryption on a Bluetooth connection to gain data access or control over a device. 


Once hackers have access to the device, they can intercept data being sent through it and even read messages sent between devices that aren't connected to the internet.


Memory Readout

In a Bluetooth memory readout, hackers can read the data present in a Bluetooth-enabled device. It can include phone numbers, messages, names, or anything transmitted over Bluetooth.


Hackers don't have to physically steal a phone or laptop to steal this information. All they need is a Bluetooth-enabled device and an app that can read its information.

This hacking technique is usually used to steal passwords and gain access to emails to cause damage.


Denial of Service (DoS)

A hacker’s goal in a Bluetooth denial of service attack is to disrupt or shut down all communications on a device or network by sending an overload of data, which overwhelms the network connection with data packets until it eventually crashes.


What the Risks Are

Even though the vendors were notified of the bugs, it was not possible to patch all of them, since the flaws are bound to the hardware of the products. Billions of devices are at risk due to this vulnerability, and you shouldn’t wait for confirmation that you're among the unfortunate consumers.


What You Can Do

This bug may or may not affect you. To be on the safe side, take preventative measures. Keep hardware-related issues from arising by following these simple precautions:


Disable Unused WiFi Networks

Most of the time, people use their WiFi to connect to the internet. They do not know that when they are connected to WiFi, they are vulnerable to cyber attacks.


When you’re at home or in a public place, it’s important that you disable any unused WiFi network, because most of the time, these networks are unprotected and do not have any security features.


Most people don't realize how vulnerable they are when they’re on their phone or laptop and connected to an open network. Any hacker within range can access their device through an open connection. If you want to prevent this from happening, make sure your WiFi router is password-protected.


Avoid Using WiFi in Public Spaces and Use Cellular Data Instead

When using a public WiFi network, you first need to connect your device to the network and enter a password. As much as possible, avoid WiFi in public spaces and use cellular data instead to protect your information from hackers lurking online.


Some hackers will spoof a public WiFi network with their own access point so unsuspecting victims enter their personal information or passwords into the hacker's website instead of the legitimate one.


If you cannot avoid using public WiFi, use a reliable virtual private network (VPN) to encrypt your data and make it hard for hackers to intercept it.


Don’t Pair Bluetooth Devices That Aren’t Needed

Among the most common Bluetooth devices are earphones, keyboards, speakers, and fitness trackers. The first three are the most dangerous because they connect to a computer or other Bluetooth-enabled devices that can be used to steal information. 


For example, a hacker could break into the computer through the earphones to take over your screen and see your passwords.


A fitness tracker is safer because it just connects with your phone, which doesn't have as much sensitive information on it as a computer does. The safest option is to not pair any Bluetooth devices at all if they're not necessary, especially if you’re in a public space.


Upgrade Your Devices if You’re Still Using Older Models

From a security standpoint, it would be wise to switch to a device that is actively supported by its manufacturer, as patching tends to favor the most recent models.


The computer you are using is more susceptible to malware and ransomware attacks because of the lack of security updates.


If your clinic still uses computer systems that are over three years old, you must upgrade your devices immediately to prevent serious data breaches.


Avoid Costly Breaches by Preventing Similar Risks

Network problems like this are not new. Unfortunately, no matter how careful you are, it’s sometimes impossible to avoid bugs like these since the problem lies with the vendor. 


However, having a 24/7 IT support team that is proactive in identifying and mitigating such risks can be extremely beneficial. Additionally, they will likely be able to help you with any upgrade to your IT systems and stay on top of threats.


Here at ER Tech Pros, we understand that you need to focus on your core business. If you would like assistance implementing any of the tips above or need more information on cybersecurity, schedule a call with one of our IT experts today.
