Avoiding Bluetooth Decay
A CERT advisory has been released regarding the stability of Bluetooth authentication. In short, the advisory outlines that “the authentication provided by the Bluetooth pairing protocols is insufficient.”
This weakness in the Bluetooth key exchange is exploitable and could allow a remote attacker to intercept encryption data.
Potentially, malicious actors could view contacts stored on the device, passwords typed on a keyboard, or other sensitive content stored by the device. They may even be able to manipulate the device to access a connected phone or computer.
There will be software and firmware updates released to address his vulnerability. The CVSS score is rated as a 7.3, so apply these updates as they become available.
Affected Vendors: Android, Apple, Broadcom, Dell, Google, Intel, and QUALCOMM Incorporated.
This highlights, yet again, why companies need a patching strategy utilizing a patch manager. A vulnerability like this can go under the radar.
Cloud Management Suite is an IT solution that can show you all the devices connected to your network. Don’t get surprised by what’s lurking in your environment.