Bluetooth Hack and Medical Devices

Dr. Mike Bonnes

A Bluetooth hacking technique has been uncovered.

This hack could potentially affect blood glucose monitors, pulse oximeters, asthma inhalers and most wearable medical devices, since many of these devices use Bluetooth technology. Reliance on these devices for administering medication, diagnosing injuries and transmitting secure patient information is affected by this hack. The threat is a targeted attack against a company and/or its users and patients.

A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange.

The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software drivers from some major vendors including Apple, Broadcom, Intel, and Qualcomm, while the implications of the bug for Google, Android and Linux are still unknown.

The security vulnerability is related to two Bluetooth features—Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software, and BR/EDR implementations of Secure Simple Pairing in device firmware.

To fix the issue, the Bluetooth SIG has now updated the Bluetooth specification to require products to validate public keys received as part of public key-based security procedures.

Moreover, the organization has also added testing for this vulnerability within its Bluetooth Qualification Process.
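The public key validation that the updated specification requires can be sketched as follows. This is an added example, not code from the Bluetooth SIG or any vendor; it assumes the P-256 curve and a 64-byte X||Y key with little-endian coordinates, and the function names and sample keys are constructed for illustration.

```python
# P-256 (secp256r1) domain parameters from the public curve definition.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point G, used here only as a known-good constructed sample key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPublicKey(ValueError):
    """The peer's key must be rejected and the pairing aborted."""


def on_curve(x: int, y: int) -> bool:
    """True if (x, y) satisfies y^2 = x^3 + ax + b (mod p)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode(x: int, y: int) -> bytes:
    """Build a 64-byte X||Y key (assumed layout: little-endian coordinates)."""
    return x.to_bytes(32, "little") + y.to_bytes(32, "little")


def validate_peer_key(raw: bytes) -> tuple:
    """Return (x, y) for an acceptable key, otherwise raise InvalidPublicKey."""
    if len(raw) != 64:
        raise InvalidPublicKey("expected 64 bytes (X||Y)")
    x = int.from_bytes(raw[:32], "little")
    y = int.from_bytes(raw[32:], "little")
    # Coordinates must be field elements before the curve equation is checked.
    if x >= P or y >= P:
        raise InvalidPublicKey("coordinate outside the field")
    # The check the updated specification makes mandatory: the received
    # point has to lie on the agreed curve before any ECDH computation.
    if not on_curve(x, y):
        raise InvalidPublicKey("point is not on P-256")
    return x, y


def is_accepted(raw: bytes) -> bool:
    """Convenience wrapper: True if the key passes validation."""
    try:
        validate_peer_key(raw)
        return True
    except InvalidPublicKey:
        return False
```

A key that fails this check should end the pairing attempt before the shared secret is derived, and the rejection is worth logging since well-behaved peers do not send off-curve points.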

The CERT/CC says patches are needed in firmware or operating system software drivers, and should be obtained from the vendors and developers of the affected products and installed.

This is a wake-up call for organizations to build an agile, trackable patch management process for both vendors and internal systems, and CyberX can do that today. We will track and develop internal processes to meet the needs of a vendor management and patch management program.


©2020 by Dr. Bonnes Portfolio.