Major and minor security issues are always a part of Android devices, which is why we get timely security patches to save the day. However, an exploit can be minute and still be threatening if we overlook it. CERT (Computer Emergency Response Team) reports a recent security threat plaguing smartphones: a Bluetooth security breach. Various devices that sport Qualcomm, Intel or Broadcom chipsets are vulnerable to this threat. Tablets and PCs may also be targets of this security issue.
Now let’s discuss the rocket science behind the Bluetooth Security Breach. Bluetooth uses a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange, which enables encrypted communication between devices. The ECDH key pair consists of a private and a public key. The devices exchange public keys to produce a shared pairing key. The devices must also agree on the elliptic curve parameters in use.
In some implementations, the cryptographic algorithm does not validate the elliptic curve parameters. So a hacker within Bluetooth range can intercept and steal all the data transferred between devices. That includes notifications and security codes for two-factor authentication.
Now security issues are always fixable, and this ongoing Bluetooth Security Breach is no exception. Devices that have installed the June 2018 Android security patch or later are entirely safe from the threat. However, not every Android device supports seamless updates. This means these phones/tablets may not have the latest June 2018 security update. Hence, these devices are vulnerable to the said Bluetooth hacking threat.
So, check whether your device is on the June 2018 security patch. If your phone is behind, check for an automatic OTA update. Install the update ASAP if it’s already rolling out. You can manually install the latest software as well. Otherwise some hacker may steal vital info from your device by taking advantage of the Bluetooth security breach.