HT TECH wants to start sending you push notifications. Click allow to subscribe

Bluetooth devices may leak your secrets due to design flaw

An inherent design flaw makes mobile apps that work with Bluetooth Low Energy devices vulnerable to hacking.

By: INDO ASIAN NEWS SERVICE
Updated on: Aug 20 2022, 17:49 IST
Bluetooth devices hacking risk. (Pixabay)
Bluetooth devices hacking risk. (Pixabay)

Be it a fitness tracker, smartwatch, smart speaker or smart home assistant, the way Bluetooth devices communicate with the mobile apps leaves room for hackers to steal sensitive personal information, new research has found.

An inherent design flaw makes mobile apps that work with Bluetooth Low Energy devices vulnerable to hacking, said the study described at the Association for Computing Machinery's Conference on Computer and Communications Security held in London from November 11-15.

You may be interested in

Mobiles Tablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
₹148,900₹159,900
Buy now
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
₹107,999₹149,999
Buy now
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
₹106,998
Check details
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage
₹87,900
Check details
21% OFF
Acer Swift Go SFG14 41 NX KG3SI 002 Laptop
  • Pure Silver
  • 8 GB RAM
  • 512 GB SSD
₹58,999₹74,999
Buy now
39% OFF
Acer Aspire 5 A515 57G Laptop
  • Gray
  • 16 GB RAM
  • 512 GB SSD
₹54,949₹89,999
Buy now
22% OFF
Acer Aspire 3 A315 24 NX KDESI 004 Laptop
  • Silver
  • 8 GB RAM
  • 512 GB SSD
₹33,499₹42,999
Buy now
40% OFF
Asus VivoBook 15 X515JA BQ322WS Laptop
  • Transparent Silver
  • 8 GB RAM
  • 512 GB SSD
₹31,350₹51,990
Buy now
34% OFF
Xiaomi Pad 6
  • Mist Blue
  • 6 GB RAM
  • 128 GB Storage
₹26,299₹39,999
Buy now
55% OFF
Lenovo Tab M10 5G
  • Abyss Blue
  • 6 GB RAM
  • 128 GB Storage
₹20,999₹47,000
Buy now
32% OFF
Realme Pad 2
  • Imagination Grey
  • 6 GB RAM
  • 128 GB Storage
₹19,749₹28,999
Buy now
Honor Pad X9
  • Gray
  • 4 GB RAM
  • 128 GB Storage
₹14,999
Check details

"There is a fundamental flaw that leaves these devices vulnerable -- first when they are initially paired to a mobile app, and then again when they are operating," said Zhiqiang Lin, Associate Professor of Computer Science and Engineering at The Ohio State University in the US.

Also read: Looking for a smartphone? To check mobile finder click here.

"While the magnitude of that vulnerability varies, we found it to be a consistent problem among Bluetooth low energy devices when communicating with mobile apps," Lin added.

Consider a wearable health and fitness tracker, smart thermostat, smart speaker or smart home assistant. Each first communicates with the apps on your mobile device by broadcasting something called a UUID -- a universally unique identifier.

That identifier allows the corresponding apps on your phone to recognise the Bluetooth device, creating a connection that allows your phone and device to talk to one another. But that identifier itself is also embedded into the mobile app code. Otherwise, mobile apps would not be able to recognise the device. However, such UUIDs in the mobile apps make the devices vulnerable to a fingerprinting attack, the research team found.

"At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps," Lin said.

"But in some cases in which no encryption is involved or encryption is used improperly between mobile apps and devices, the attacker would be able to 'listen in' on your conversation and collect that data."

Still, that doesn't mean you should throw your smartwatch away.

"We think the problem should be relatively easy to fix, and we've made recommendations to app developers and to Bluetooth industry groups," he said.

If app developers tightened defences in that initial authentication, the problem could be resolved, Lin said.

The team reported their findings to developers of vulnerable apps and to the Bluetooth Special Interest Group, and created an automated tool to evaluate all of the Bluetooth Low Energy apps in the Google Play Store - 18,166 at the time of their research.

In addition to building the databases directly from mobile apps of the Bluetooth devices in the market, the team's evaluation also identified 1,434 vulnerable apps that allow unauthorised access. Their analysis did not include apps in the Apple Store.

"It was alarming," he said. "The potential for privacy invasion is high."

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on ,Twitter, Facebook, , and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 15 Nov, 18:50 IST
Tags:

Sale

Mobiles Tablets Laptops
4% OFF
Samsung Galaxy S24 Ultra
  • Titanium Black
  • 12 GB RAM
  • 256 GB Storage
₹129,999₹134,999
Buy now
13% OFF
Xiaomi 14
  • Matte Black
  • 12 GB RAM
  • 512 GB Storage
₹69,999₹79,999
Buy now
10% OFF
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage
₹72,200₹79,900
Buy now
12% OFF
IQOO 12 5G
  • Legend
  • 12 GB RAM
  • 256 GB Storage
₹52,999₹59,999
Buy now
35% OFF
Xiaomi Pad 6
  • Mist Blue
  • 6 GB RAM
  • 128 GB Storage
₹25,998₹39,999
Buy now
38% OFF
Lenovo Tab M10 5G
  • Abyss Blue
  • 6 GB RAM
  • 128 GB Storage
₹20,999₹34,000
Buy now
38% OFF
Realme Pad 2
  • Imagination Grey
  • 6 GB RAM
  • 128 GB Storage
₹17,999₹28,999
Buy now
57% OFF
Honor Pad X8
  • Blue Hour
  • 3 GB RAM
  • 32 GB Storage
₹8,999₹20,999
Buy now
29% OFF
Asus ROG Flow X13 GV301RE LI201WS Laptop
  • Off Black
  • 32 GB RAM
  • 1 TB SSD
₹89,789₹125,989
Buy now
39% OFF
Asus ROG Zephyrus G14 GA401QH HZ076TS Laptop
  • Black
  • 8 GB RAM
  • 1 TB SSD
₹94,990₹155,990
Buy now
31% OFF
Asus ROG Zephyrus G14 GA401QC HZ094TS Laptop
  • Grey
  • 16 GB RAM
  • 1 TB SSD
₹94,999₹137,990
Buy now
27% OFF
Asus TUF Gaming F15 FX506HC HN089WS Laptop
  • Graphite Black
  • 8 GB RAM
  • 512 GB SSD
₹60,990₹82,990
Buy now