A flaw in Bluetooth allows communications to be hacked -
A major security flaw in Bluetooth has been highlighted by researchers from the Federal Polytechnic School of Lausanne (EPFL) and Purdue University.
A vulnerability that could allow hackers to launch all kinds of programs to connected devices, without the knowledge of their owner.
The flaw is located at the level of "the cross transport key derivation (CTKD) in the implementations supporting the pairing and the encryption with Bluetooth BR / EDR and LE in the specifications Bluetooth 4.2 to 5.0", specifies Bluetooth SIG in its declaration.
In fact, a hacker could bypass the authentication of connected products by first binding to a Bluetooth device that is not protected or does not require authentication.
Once connected to the latter, the hacker would be able to reach the secure devices linked to him via the fault in Bluetooth.
It could therefore launch programs on these normally secure devices.
The flaw should be fixed before it can be exploited by hackers
The attack which is likely to allow this piracy has been called “BLURtooth” and is indeed based on the possibility for the hacker to manipulate the CTKD (cross-transport key derivation), namely a pairing system through which two devices “negotiate” the Bluetooth standard by which they will connect, but also the authentication keys they will use.
By exploiting the flaw, a hacker could modify the CTKD to rewrite the communication rules of a device in order to use it as an access bridge to others linked to it.
The flaw concerns both devices under Bluetooth 4.0 and 5.0, specifies the Bluetooth Special Interest Group.
The community still indicates that no piracy is to be deplored for the moment.
A corrective patch is in preparation and should be released soon.
4G: A network breach exposes phone calls to hacker attacks
By the Web
The Paris court was the target of widespread hacking