Posted on November 16, 2019 at 11:30 PM
A defect seen with the Bluetooth Low Energy (BLE) gadgets means hackers will have an easier time breaking into them. This is based on a study conducted by researchers from Ohio State University.
Ever since it was launched in 2012, the Bluetooth Low Energy (BLE) technology has become a popular choice in several devices. This technology enables devices to communicate with a higher level of efficiency when compared with the earlier forms of technology.
Conventional and everyday devices that use it, like the wearable fitness and health trackers, smart sound systems and smart thermostats will initially link up with the software applications on the mobile device. This is done via broadcasting using what is known as a universally unique identifier.
With the way the systems are designed, the identifier in question is incorporated into the code for the mobile application. If this is not done, there is no way the mobile applications will be able to hook up with one another. But there is another sinister side to this very important feature. The same identifiers in the applications also make the devices to be vulnerable to attacks using fingerprints. This is what the scientists at Ohio State University have discovered in their research.
Zhigiang Lin is an associate professor and was the leader of the research group. The explanation is that there is a basic flaw that opens these devices to attack. The first is when they are linked up with a mobile application and another when the devices are in operation mode. The severity of the vulnerability differs. However, it is recurrent with BLE devices and this is noticed whenever there is a communication with mobile applications.
A hacker is able to conclude on whether you are making use of a specific Bluetooth device like a smart speaker in your house. This can be done simply by working out if your smart device is working using the identifier from particular mobile applications. In fact, it can get worse. In some instances where there is no encryption of any kind, the hacker can just eavesdrop on your conversation and harvest data that way. This can also be done in cases where there is encryption but the usage is defective.
Lin also explained that the good news is that the issue can be fixed easily. The group of researchers also issued recommendations to developers of applications and Bluetooth industry teams. When the flaw was noticed, the researchers were eager to know how it was going to operate in the real world. So they constructed a sniffer which is a hacking tool that can locate Bluetooth gadgets using the broadcasting messages sent by the devices.
In making use of this tool, they were able to locate almost 6,000 BLE devices in an area of less than two square miles. Of all these, almost 95% were identified using attacks and more than 7% were clearly vulnerable to hackers and all manner of unauthorized entries.
The gadgets that were vulnerable to unauthorized entries were linked with the initial fingerprinting that occurs between the gadget and the mobile application that the hackers took advantage of. The researchers went ahead to come up with a tool that assessed all the BLE apps in the Google Play Store – there were over 18,000 of them in all.