Recently, Ohio State University researched the safeness of the bluetooth devices. They have found a crucial safety threat in bluetooth devices that makes them exploitable by hackers. Researches also concluded if necessary actions isn’t taken while pairing the device for the first time, this vulnerability could led to your device to be hacked.
This vulnerability is said to be stemming from the low energy bluetooth device’s communication system with the paired devices that remote-control them. When you try to connect a bluetooth device for your computer (or anything that allows a bluetooth device to be set up, like bluetooth headphones for your mobile device), the device broadcasts a unique identifier known as the UUID. The way this signal works is while it is broadcasting, the device can catch the broadcasted signal to identify what kind of device is planned to be set-up with the device, then proceeds to establish a safe communication with the said device. If there are little or none encryption methods with your bluetooth device, hackers can use that signal to hack into the connection and gather information.
“At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps.” Claimed associate professor of computer science and engineering Z. Lin, at the Ohio State University.
To estimate the impact of the vulnerability, they have conducted a research by building a hacking device that caught the unique UUID inbetween the bluetooth device and the paired device.
Researchers have found that the issue is mostly about the initial pairing, they have tested with multiple devices, and found that if the initial pairing process was made to be more secure the problem would probably vanish. If not, devices would continue to be vulnerable to fingerprint or eavesdropping attacks.