In systems equipped with modules usingBluetooth technology, serious vulnerabilities have been discovered that provide fraudsters with the ability to access confidential information. The Bluetooth Special Interest Group (Bluetooth SIG), which monitors the standards of Bluetooth technology and its compliance with licensing and trademark law, reported a problem with the encryption system.
Attackers can connect to devicesusers at the time of pairing gadgets, when exchanging public keys, consisting of letters and numbers. When generating a passkey, a hacker can intercept it, generate it in a short form and carry out an attack using enumeration of keys. In the future, an attacker will be able to control traffic between devices.
This penetration is only available to the hacker,physically located within the radius of the Bluetooth connection, as well as both devices are required to support Bluetooth BR / EDR. Vulnerability was identified in 16 tested sensor models. According to the Bluetooth SIG, this problem appeared due to the lack of a minimum key length requirement. Currently, manufacturers are notified of the problem and are already taking measures, releasing eliminating the danger of updating.