Mobile tracking: Bluetooth and its vulnerabilities, always at the heart of the debates
Today, the one who talks about coronavirus also speaks of ongoing deconfinement.
This deconfinement can only be done when a system can be put in place to control the spread of viruses. Like the French government, the idea was developed to use mobile tracing applications to identify different interactions and be able to warn in advance of anyone who has contact with others who have subsequently been tested positive.
This article will also interest you: Digital tracing: Bluetooth as the weak link
The thing about mobile tracking apps is that they rely largely on Bluetooth technology. Technology that already suffers from several vulnerabilities. It is for this reason that computer security experts have repeatedly meant that using technology in this context can attract even more hackers, who are sure to take advantage of the situation and undermine the computer security of millions of users. "As we've seen with Covid-19 scams, attackers are following trends and the millions of new users moving to a rapidly developed platform make them a prime target." Points out Stas Protassov. For this purpose, developers and people involved in implementing this kind of application are encouraged to pay more and more attention and ensure that vulnerabilities will be plugged before a deployment in general. Moreover, these same experts challenge users who are involved in a tracking system, asking them to take certain basic precautions and to do as few actions as possible that can make them vulnerable to cyber attacks.
However, let's talk about the different vulnerabilities that affect Bluetooth technology. As mentioned earlier, Bluetooth has several weaknesses according to safety experts. It is for this reason that the call for mistrust was launched from the beginning that the idea was issued by the French government. Acronis co-founder and president of technology Stas Protassov says that in the past, Bluetooth technology has already experienced several safety sheets, some of which have not been corrected so far. It even reveals that another flaw was discovered last February called BlueFrag, a flaw that only affected Android devices and has already been fixed. However, even though security patches have already been made to all its vulnerabilities in Bluetooth, the fact remains that many users, even millions, have not yet updated their mobile to plug this breach. This makes them vulnerable to potential attacks. "Individuals will want to download these applications to help curb the pandemic, but they also need to be aware of the risks they are taking in terms of cyber protection. Only official applications should be installed," said Stas Protassov. And it is true that often malicious applications strongly resemble the official applications, which often makes it easier for the hacker when the user infects himself.
HackerOne's technical program director, Niels Schweisshelm, also wanted to highlight the danger of Bluetooth through its multiple vulnerabilities. Vulnerabilities that can be exploited remotely, and that would give hackers enough privileges to run malware on Android smartphones. In addition, he added that there is no evidence that future versions of Bluetooth will not be as vulnerable as those already in place.
In an attempt to best mitigate the controversy surrounding Bluetooth and its potential dangers, GovTech, a government agency notes that hacking a device with Bluetooth would be truly quite exceptional because it is "difficult for anyone to get close enough to the individual, and to use a computer to extract information from their phone without them noticing." To contradict the agency, Stas Protassov notes that "Bluetooth is just a ship. Real attacks occur on apps running Bluetooth data. The exploitation of these applications is the ultimate goal of the attackers. These attacks are often opportunistic and at close range."
Now access an unlimited number of passwords:
