How Vulnerable Are Your Bluetooth Apps and Devices?

Researchers have recently discovered that mobile apps that work with Bluetooth devices have an internal design problem that makes them vulnerable to hackers. The problem is inherent to the way Bluetooth devices communicate with the apps that are used to control them, according to researchers.

Think about any common Bluetooth device, such as a wearable health tracker or a smart thermostat, speaker or home assistant. What allows the app and the device to communicate is a broadcast UUID, or universally unique identifier, which connects the app to the smart device.

This identifier is also housed in the mobile app's code. While this is essential for communication, it also makes the identifier vulnerable to hackers via the app itself.
Despite this, researchers say this doesn’t mean you should throw away your smart devices.

Realizing this, researchers created their own hacking device to test the extent of this vulnerability. Using an area about a mile wide around Ohio State’s campus, they sent their hacking program on a search. Of some 5,800 devices, 94.6 percent (5,500 of the devices) were vulnerable to fingerprint attacks and 7.4 percent (431 devices) were vulnerable to unauthorized access and eavesdropping-style attacks.

Those vulnerable to the latter kind of attack had issues in the initial pairing of device and app that put them at risk of hacking. According to researchers, app developers need to tighten defenses during this initial process to fix the problem.
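
For device developers who want to see what their own product exposes to the fingerprinting described above, the following added example (not from the article or the researchers) parses a raw advertising payload and lists the service UUIDs it broadcasts, separating vendor-chosen ones from standard ones. It assumes the standard Bluetooth LE advertising-data layout; the function names and the sample payload are constructed for illustration.

```python
import uuid

# Bluetooth Base UUID: 16- and 32-bit SIG-assigned UUIDs expand onto this suffix.
BASE_SUFFIX = "-0000-1000-8000-00805f9b34fb"
# AD types that carry service UUID lists, mapped to the UUID width in bytes.
UUID_AD_TYPES = {0x02: 2, 0x03: 2, 0x04: 4, 0x05: 4, 0x06: 16, 0x07: 16}


def service_uuids(adv: bytes) -> list[str]:
    """Return every service UUID in a raw advertising payload, in 128-bit form."""
    found, i = [], 0
    while i < len(adv):
        length = adv[i]
        if length == 0:              # zero length marks padding: stop
            break
        field = adv[i + 1:i + 1 + length]
        if len(field) < length:      # truncated structure: ignore the remainder
            break
        ad_type, data = field[0], field[1:]
        width = UUID_AD_TYPES.get(ad_type)
        if width:
            for off in range(0, len(data) - width + 1, width):
                chunk = data[off:off + width]   # UUIDs are sent little-endian
                if width == 16:
                    found.append(str(uuid.UUID(bytes=chunk[::-1])))
                else:
                    short = int.from_bytes(chunk, "little")
                    found.append(f"{short:08x}{BASE_SUFFIX}")
        i += 1 + length
    return found


def vendor_specific(adv: bytes) -> list[str]:
    """UUIDs not derived from the Bluetooth Base UUID, i.e. chosen by the vendor."""
    return [u for u in service_uuids(adv) if not u.endswith(BASE_SUFFIX)]


# Constructed sample: Flags, 16-bit UUID 0x180D (Heart Rate), one made-up 128-bit UUID.
CUSTOM = uuid.UUID("12345678-1234-5678-1234-56789abcdef0")  # constructed value
SAMPLE_ADV = (bytes([0x02, 0x01, 0x06])
              + bytes([0x03, 0x03, 0x0D, 0x18])
              + bytes([0x11, 0x07]) + CUSTOM.bytes[::-1])

if __name__ == "__main__":
    for u in service_uuids(SAMPLE_ADV):
        kind = "SIG-assigned" if u.endswith(BASE_SUFFIX) else "vendor-specific"
        print(u, kind)
```

A vendor-specific UUID that never changes identifies the product model to anyone in radio range, which is the property the fingerprinting result relies on.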