Researchers from the Technion – Israel Institute of Technology have disclosed a serious vulnerability in the Bluetooth protocol which lets attackers intercept and tamper with data transmitted between devices.
Vulnerable data includes contacts, keystrokes from a wireless keyboard, and the information from medical, point-of-sale, or automotive equipment, Ars Technica reported.
The report also noted that an attacker could forge keystrokes on a Bluetooth keyboard to open a command window or malicious website.
For an attack to succeed, both paired devices must be vulnerable.
Google, Intel, and Apple have issued patches for the vulnerability. LG and Huawei have also released security fixes for certain devices.
Carnegie Mellon University’s CERT divison lists Microsoft as unaffected by the issue.
“Microsoft implements an old version of the standard, which is even less secure, rather than the broken contemporary standard,” the researchers stated.
Full details about the disclosure and vendors who have issued patches can be found on the researchers’ webpage.