A security flaw affecting Bluetooth on Android devices

A security flaw affecting Bluetooth on Android devices

August 11, 2020 Off By admin

Once again, Bluetooth technology demonstrates security vulnerabilities that could endanger the data of users using devices that work with Google's android system, that is, Android.

This article will also interest you: Digital tracing: Bluetooth as the weak link

The information can be simply stolen if the attacker knows how to effectively exploit the security flaw.

It's a previously unknown vulnerability. It will allow, without the knowledge of the target, to connect a Bluetooth device to a smartphone, without any intervention of the user.

The security flaw was discovered by Chinese researchers at DBAPPSecurity, a cybersecurity firm, during tests on how Bluetooth on Android smartphones works.

According to the researchers who made the discovery, it would be possible to steal some data such as the contents of the sms exchanged and the contacts of the phone. This vulnerability was presented at BlackHat, one of the largest gatherings dedicated to cybersecurity, on Wednesday, August 05. This year's event was held via video conference.

We are talking about an attack giving the possibility of imitating a Bluetooth device "Sourcell Xu and Xin Xin". To discover this vulnerability, the two Chinese researchers had to carry out several attacks based on existing security vulnerabilities. It was through several tests that they finally managed to discover the security flaw.

Among the computer attacks that have been tested is badbluetooth, a technique used to steal information from Bluetooth by installing a hacker application on the targeted device. Suffice to say that this technique is not at all discreet. In the end, their efforts were not at all in vain. Indeed, they finally managed to lay bare a flaw like Zero Day. This kind of flaw that was not known at the time of the design of the system and neither discovered by any other.

Conveniently, the vulnerability allows the attacker to bypass Bluetooth protocols.

Researchers named it "BlueRepli." This allows the attacker to connect to Bluetooth, posing as a device that has already connected to the bluetooth device, without the user even agreeing to the login request. "This vulnerability makes the victim not realize that hackers are accessing their contact logs," Sourcell Xu said in an interview with the specialist website CyberScoop.

The information that is likely to be stolen is SMS as mentioned above. On top of that we have call history. According to the researchers, on a particular smartphone whose brand has been concealed in particular the latter, it would be possible to send SMS without the user noticing.

When questioned by experts, US giant Google, the manager of the Android operating system, said it had not produced any security patches in the face of this new vulnerability. But that will not be long. However, there is a fact to be emphasized. Bluetooth technology is regularly attacked, regularly tested and verified by the entire cybercrime and cybersecurity community. There is not a single year that one discovers, a vulnerability, here and by the. It is even recalled that in 2018, a cybersecurity researcher discovered that several connected objects were affected, by a certain vulnerability allowing attackers to take control of his objects, via Bluetooth. And as early as last February, the US giant had fixed a vulnerability that allowed cyberattackers to eject malware into their victim's smartphone. There was nothing he could do about it to prevent them.

Now access an unlimited number of passwords:

Check out our hacking software