Two new vulnerabilities have been found in Bluetooth's security features that may allow hackers to remotely hijack devices.
EURECOM security researcher Daniele Antonioli reported security flaws in the data exchange standard that expose devices to Bluetooth Forward and Future Secrecy (BLUFF) attacks.
Devices that use Bluetooth 4.2 to 5.4 inclusive, that is, all devices made from 2014 to now, are vulnerable to attacks. AirDrop is particularly prone to being used as a front for a digital attack.
According to Antonioli, threat actors may use the Bluetooth connection for device impersonation and man-in-the-middle attacks.
Both methods dupe owners into sharing their personal data with third parties that intend to exploit it.
How Do BLUFF Attacks Happen?
Antonioli explained that BLUFF attacks succeed when an owner unknowingly connects to other devices "within wireless range of two vulnerable Bluetooth" standards.
Connecting to an infected device may allow hackers to tap into the encryption procedure, substitute a weaker session key, and gain access to most of the file's data.
This is not the first time a major vulnerability in Bluetooth has been discovered.
In 2020, Antonioli also penned a study on Bluetooth Impersonation Attacks that allow hackers to completely bypass authentication to impersonate the original user.
How to Secure Devices Against Bluetooth Attacks?
Unfortunately, the vulnerabilities can only be fixed by the companies that manufacture and distribute the affected devices. Antonioli is calling for a fast response from the big tech bigwigs.
Users can still protect their phones and devices from cyberattacks to some extent. The first step is to keep Bluetooth turned off as often as possible to prevent others from trying to access it.
Files can now also be sent through an online alternative, so Bluetooth is not always needed.
Meanwhile, Antonioli advised users to constantly update their OS and anti-virus software. Another way is to install a trusted threat detection system on your phone to alert you if someone is tampering with your devices.