HomeWinBuzzer NewsBluetooth Vulnerability Leaves Billions of Android and iOS Devices Open to Easy...

Bluetooth Vulnerability Leaves Billions of Android and iOS Devices Open to Easy Attack

A flaw in the Bluetooth standard allows anyone within range to see decrypted messages and information sent from a device.


's platform is often subjected to security issues, but it is rare to see 's iOS affected. It is even rarer to see both leading mobile platforms afflicted by the same problem. However, that's what is happening at the moment because of a vulnerability in .

Of course, Bluetooth is a connectivity standard not controlled by Apple or Google. In other words, in this instance Android and iOS are afflicted by a third-party problem.

As you probably know, Bluetooth is ubiquitous so there could be billions of devices affected by the problem.

The U.S. Computer Emergency Response Team (CERT) has described a flaw it found when Bluetooth did not check keys when the team tried to encrypt and send data. More fluidly, there was a missing validation in Bluetooth's encryption method (the “Diffie-Hellman key exchange”).

What this vulnerability means is an attacker could see the supposedly encrypted data. To do this, they would have to be within Bluetooth range of the device. Still, CERT says if within range there is a “high probability” the vulnerability could be successfully exploited.

With this access, a hacker could see all messages sent through Bluetooth, whether encrypted or not. App data, device data and even security codes could be at risk.


Lior Neumann is one of the two Israeli researchers who found the vulnerability. Speaking to Forbes, he said the scope of the problem is massive:

“As far as we know every Android—prior to the patch published in June—and every device with wireless chip of Intel, or Broadcom is vulnerable.”

So, when just about any active device of significance in the world is potentially vulnerable, the obvious question is how to fix it. Well, the good news is companies are starting to issue patches. Neumann says the Android Open Source Project (AOSP) has issued a patch, but nothing official has come from Google yet.

Apple has acted fast and patched the problem with the release of iOS 11.4 earlier this year. MacOS was shored up by the company in June.

Bluetooth SIG, a group that oversees the standard says it has released patch guidance the will help companies.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News