Your Bluetooth Could Be Compromised And Sharing Your Data

On July 23rd, Carnegie Mellon published Vulnerability Note VU#304725 to flag a security flaw found in Bluetooth firmware. It allows third parties not only to access the data sent between your devices, but to tamper with it too. Read on to see how you could be affected.

A loophole in the Diffie-Hellman key exchange leaves your car computer or Alexa open to exploitation. Through a man-in-the-middle attack, criminals could find the cryptographic keys each device uses to connect to your device. For example, if attackers are within range of your wireless keyboard, they can snoop on the most recent passwords you’ve typed.

Researchers from the Technion Israel Institute of Technology flagged this loophole. That same day, Apple informed Mac users that their most recent software updates should circumvent this threat.

If you’ve updated to macOS 10.13.5 on your Apple computer or iOS 11.4 on your iPhone, the patch is already installed on your device. You can check your OS version on your computer by going to:

  • Apple logo > About this Mac > Software Update

Or check your phone by going to:

  • Settings > General > Software Update
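If you look after several Apple devices, the same version check can be scripted. The sketch below is an added example, not part of the original post: the device list and function names are made up for illustration, and only the two patched versions (macOS 10.13.5 and iOS 11.4) come from the text above.

```python
# Added example: flag Apple devices older than the patched releases named above.
# Only the two minimum versions come from the article; everything else is constructed.
import csv
import io

# Patched releases as stated in the article.
PATCHED = {"macos": (10, 13, 5), "ios": (11, 4, 0)}

def parse_version(text, width=3):
    """Turn '10.13.5' into (10, 13, 5) so versions compare as numbers.
    Compared as text, '10.9.5' would wrongly sort after '10.13.5'."""
    parts = text.strip().split(".")
    if len(parts) > width or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (width - len(nums)))  # pad so '11.4' == '11.4.0'

def status(platform, version):
    """Return 'patched', 'needs update' or 'unknown' for one device."""
    minimum = PATCHED.get(platform.strip().lower())
    if minimum is None:
        return "unknown"  # the article gives no patched version for this platform
    try:
        return "patched" if parse_version(version) >= minimum else "needs update"
    except ValueError:
        return "unknown"  # never guess from a malformed version string

# Constructed sample inventory: device name, platform, OS version.
SAMPLE_INVENTORY = """\
office-imac,macOS,10.13.5
old-macbook,macOS,10.9.5
newer-macbook,macOS,10.13.6
family-iphone,iOS,11.4
work-iphone,iOS,11.3.1
mystery-box,macOS,unknown
"""

def audit(inventory_text):
    """Map each device name to its status, skipping incomplete rows."""
    rows = csv.reader(io.StringIO(inventory_text))
    return {r[0]: status(r[1], r[2]) for r in rows if len(r) == 3}

if __name__ == "__main__":
    for name, result in audit(SAMPLE_INVENTORY).items():
        print(f"{name:15} {result}")
```

Anything reported as "needs update" or "unknown" is worth checking by hand using the menu paths above.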

Check the list of vendors here to see if your device has been compromised and if there’s a solution available. It’s also a good idea to keep your Bluetooth private at all times so people won’t be able to snoop on you.

Keep your Bluetooth Private:

  1. Turn off your Bluetooth. Smart home connected devices are notorious for having security loopholes. They’re especially susceptible to breaches, so if you’re not using it, turn it off.
  2. Update your software. When developers learn of these threats, they immediately make modifications to secure their systems. If you update your software regularly, it will take less time for new updates to download.
  3. Run a FixMeStick scan to ensure any malware is wiped from your computer. Rest assured that over 10 antivirus engines are protecting your files!
