Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices
Cybersecurity researchers at NCC Group have found a critical flaw in Bluetooth Low Energy (BLE) receivers. The flaw may grant cyber criminals access to a range of devices, including phones, laptops, cars, and houses. NCC Group details how BLE uses proximity to authenticate that the user is within a close distance to the device. As part of NCC Group’s research, it was able to fake this proximity. Therefore, the flaw does not only affect organizations and businesses, but the average consumer as well. The issue may not be easily patchable either, and may affect millions of people.
NCC Group states that the exploit is a BLE-based proximity authentication that was not originally designed for use in critical systems such as locking mechanisms in smart home locks. Therefore, companies would have to completely overhaul its bluetooth proximity system. NCC Group states that the exploit takes just ten seconds, and could be repeated endlessly on a number of victims.