- Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.
- The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.
- Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.
Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066
The range is impressive but I’m yet to imagine a use case. How to abuse it for money or intel? Listening to Bluetooth headphones, keylogging a wireless board? Emulating said keyboard to get access to more? It sounds like a single-target weapon to me. Can one get it working in a mall, like changing rooms in H&M, to make most phones disclose their secrets? Then, it’s sure more fucked up. I wonder how many currently used devices won’t ever have this update.
Could they possibly intercept a call between a smartwatch and phone, during a GPay or Apple Pay? This is the biggest concern I have, as I use my watch to pay for everything.
Depends on how often they contact each other, I guess. Is the phone even needed to do so once you've authorized the watch? Can you pay with your phone being anywhere else?