• Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

• The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

• Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

GitHub: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

  • XbSuper@lemmy.world
    3 upvotes · 11 months ago

    Could they possibly intercept a call between a smartwatch and phone, during a GPay or Apple Pay? This is the biggest concern I have, as I use my watch to pay for everything.

    • andrew_bidlaw
      1 upvote · 11 months ago

      Depends on how often they contact each other, I guess. Is the phone even needed to do so once you have authorized the watch? Can you pay with your phone being anywhere else?