New Bluetooth Vulnerability Discovered But iOS 11.4+ And macOS 10.13.5+ Users Don’t Need To Worry About It
A new and potentially worrying vulnerability in the implementation of Bluetooth has been discovered and published this week by Intel. The vulnerability could allow hackers to intercept transmissions and relay malicious signals back and forth between two affected Bluetooth-compatible devices.
According to the report, the issue is extremely widespread and can affect Bluetooth implementations and drivers in Apple, Broadcom, Intel, and Qualcomm systems, which shows how far it could spread and how many users and devices it could affect.
According to the Intel report, the malicious individual would need to be within 30 meters of the target device(s) and could potentially affect how that device performs:
A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.
The number of potentially affected devices appears to be huge, but the number actually at risk is somewhat smaller, according to experts at the Bluetooth Special Interest Group (SIG). In order to attack a vulnerable device, a hacker would need to be within Bluetooth range of the hardware and would need to hijack the affected devices at the exact time that both pieces of hardware were going through a pairing process.
Because the attacker has to take part in the pairing process, the whole exchange, which involves intercepting the public key exchange and blocking and forging transmissions, would need to be done within an extremely narrow window of time.
For those who have Apple devices and are potentially worried about the implications, be aware that the Cupertino-based company has already introduced a fix for this problem in earlier software versions, meaning iOS and macOS users don’t actually need to be worried as long as they have iOS 11.4 or macOS 10.13.5/6. The other affected manufacturers have also introduced fixes, meaning that the whole Intel report appears to be informative in nature rather than something designed to spark concern amongst device owners.