Never miss a story

Get subscribed to our newsletter


×
While the magnitude of that vulnerability varies, we found it to be a consistent problem among Bluetooth low energy devices when communicating with mobile apps. Pixabay

Be it a fitness tracker, smartwatch, smart speaker or smart home assistant, the way Bluetooth devices communicate with the mobile apps leaves room for hackers to steal sensitive personal information, new research has found.

An inherent design flaw makes mobile apps that work with Bluetooth Low Energy devices vulnerable to hacking, said the study described at the Association for Computing Machinery’s Conference on Computer and Communications Security held in London from November 11-15.


“There is a fundamental flaw that leaves these devices vulnerable — first when they are initially paired to a mobile app, and then again when they are operating,” said Zhiqiang Lin, Associate Professor of Computer Science and Engineering at The Ohio State University in the US.

“While the magnitude of that vulnerability varies, we found it to be a consistent problem among Bluetooth low energy devices when communicating with mobile apps,” Lin added.


An inherent design flaw makes mobile apps that work with Bluetooth Low Energy devices vulnerable to hacking, said the study described at the Association for Computing Machinery’s Conference on Computer and Communications Security held in London from November 11-15. Pixabay

Consider a wearable health and fitness tracker, smart thermostat, smart speaker or smart home assistant.

Each first communicates with the apps on your mobile device by broadcasting something called a UUID — a universally unique identifier.

That identifier allows the corresponding apps on your phone to recognise the Bluetooth device, creating a connection that allows your phone and device to talk to one another.

But that identifier itself is also embedded into the mobile app code. Otherwise, mobile apps would not be able to recognise the device. However, such UUIDs in the mobile apps make the devices vulnerable to a fingerprinting attack, the research team found.

Also Read- Countries to Test Nuclear Technique that Sterilizes Mosquitoes to Control Spread of Dengue, Zika

“At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps,” Lin said.

“But in some cases in which no encryption is involved or encryption is used improperly between mobile apps and devices, the attacker would be able to ‘listen in’ on your conversation and collect that data.”

Still, that doesn’t mean you should throw your smartwatch away.

“We think the problem should be relatively easy to fix, and we’ve made recommendations to app developers and to Bluetooth industry groups,” he said.


There is a fundamental flaw that leaves these devices vulnerable — first when they are initially paired to a mobile app, and then again when they are operating. Pixabay

If app developers tightened defences in that initial authentication, the problem could be resolved, Lin said.

The team reported their findings to developers of vulnerable apps and to the Bluetooth Special Interest Group, and created an automated tool to evaluate all of the Bluetooth Low Energy apps in the Google Play Store – 18,166 at the time of their research.

In addition to building the databases directly from mobile apps of the Bluetooth devices in the market, the team’s evaluation also identified 1,434 vulnerable apps that allow unauthorised access. Their analysis did not include apps in the Apple Store.

Also Read- Plan to Protect Corals in Gulf of Mexico Close to Becoming Law

“It was alarming,” he said. “The potential for privacy invasion is high.” (IANS)


Popular

Photo by febri sym on Unsplash

Achieving soft, beautiful and happy skin is a dream for most of us or at least a long-pending item on our wish list.

Achieving soft, beautiful and happy skin is a dream for most of us or at least a long-pending item on our wish list. While there are lot of suggestions, a laundry list of do's and don'ts to follow, there are some basics that don't change. We have to understand that happy skin is a holistic process that requires one to work on building healthy habits combined with good skincare.

Here's a ready reckoner by ITC Fiama of tried and tested skincare habits that will serve as a reminder that skincare doesn't need to be complicated, it just needs to be consistent.


* Cleanse & Moisturise -- The first and the simplest step towards healthy skin is regular cleansing and moisturising, it is advisable to use a moisturizing body soap that ensures your skin gets the right nutrients and remains supple and nourished. A great product suited to this requirement is Fiama Gel Bathing Bar, which is enriched with nature's goodness. Fiama's bathing bars come in 5 variants and they help moisturize the skin making it appear soft, happy and bouncy.

Keep Reading Show less
Photo by Pixabay

It is true that street performances has been existing in India since ancient times. But, it was Philip Astley who brought the concept of circus in India in the 1880s. Interestingly, Astley is known as the father of modern circus.

Birth of the Great Indian Circus

Keep Reading Show less
Unsplash

API security testing is a process that checks API functions for security vulnerabilities.

By- Naman Rastogi

The first thing to understand about API security testing is that it is not a one-size-fits-all process. Testers must take into account the scope of the project, as well as the specific needs of developers and end-users. This article will provide you with some basic guidelines for an API security testing program. It will also outline some API security tests that you should consider including in your API testing process.

Keep reading... Show less