This vulnerability allows an attacker to steal the identity of one of two already-paired devices and make the other device believe it is connecting to a trusted device.

Security experts discovered a vulnerability in Bluetooth that could put millions of people at risk

The vulnerability was named “BIAS” (Bluetooth Impersonation Attacks). It can trick our devices into believing that they are connecting to a trusted device, although it is actually a device that may have malware and could steal data or damage the device.

When you connect two devices over Bluetooth, the first pairing usually takes longer because a security process is carried out in which the devices generate a link key that only the two of them share. That link can only be broken when you unpair the two devices, which is not the same as disconnecting them.

Once they are paired, every later connection between the two devices is much faster than the first one, because the security key generated for it is derived from that original key.

This vulnerability allows the identity of one of the two already-paired devices to be stolen, making the other device believe that it is a trusted device with which the pairing process has already been carried out. In reality, however, you are connecting to a different device that you do not know.

This is potentially dangerous because once both devices are connected, file transfer can begin, including malware that aims to steal information from your device, all without you realizing it.

The flaw was reported to the Bluetooth SIG, the organization behind this technology, which made sure it solved the problem.

The researchers mention that it is impossible to test every device in the world, but they have been able to show that all versions of Bluetooth have this vulnerability, and they have tested it with different computers running different versions.

However, the problem is that for this flaw to stop affecting users, manufacturers need to release the update for their devices. Otherwise, it makes no difference that the vulnerability has already been solved.

This means that there will probably be devices that spend many months with this vulnerability, and many others will have it forever because their update period has ended. In the case of Android phones, a few high-end models will probably be the first to be free of this vulnerability.
