How the Bluetooth Hack Works?
Researchers from the Israel Institute of Technology discovered that the Bluetooth specification recommends, but does not mandate devices supporting the two features to validate the public encryption key received over-the-air during secure pairing.
Since this specification is optional, some vendors' Bluetooth products supporting the two features do not sufficiently validate elliptic curve parameters used to generate public keys during the Diffie-Hellman key exchange.
In this case, an unauthenticated, remote attacker within the range of targeted devices during the pairing process can launch a man-in-the-middle attack to obtain the cryptographic key used by the device, allowing them to potentially snoop on supposedly encrypted device communication to steal data going over-the-air, and inject malware.
Here's what the Bluetooth Special Interest Group (SIG), the maintainers of the technology, says about the flaw:
Congratulations @liv3! You have completed the following achievement on Steemit and have been rewarded with new badge(s) :
Award for the number of upvotes
Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word
STOP
Congratulations @liv3! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!