Several vulnerabilities in the Bluetooth protocol allow malicious people to make devices look like legitimate Bluetooth devices. This makes it possible to intercept sensitive information.
In short, it is possible to carry out a so-called man-in-the-middle attack (MitM). In doing so, a hacker mimics a legitimate Bluetooth device. For example, if your phone wants to connect to a speaker or a car, it can get confused and incorrectly connect to a hacker’s device, after which that device gains access to everything that is sent over that connection. That device must, of course, be in the vicinity.
The Bluetooth Special Interest Group (SIG), the organization behind the Bluetooth standard, has now published its own security advice and advises its partners to patch the vulnerabilities as soon as possible.
Not all devices or makers are vulnerable. The American CERT, which provides additional technical explanations on its website, has drawn up a list of the main Bluetooth players and whether their equipment has been affected.
The Android Open Source Project, Cisco, Red Hat and Intel are certainly among them. For players such as Apple, Alcatel-Lucent (and parent company Nokia), Qualcomm, Samsung, Ruckus Wireless and others, it is unclear whether they are susceptible to the problem.
