UPDATE your iPhone or Android phone now if you don’t want to risk it falling prey to hackers who can swipe your messages, experts are warning.
A potentially critical flaw is affecting Bluetooth, leaving hundreds of millions of devices exposed to cyber criminals.
Hardware from Apple, Google and Intel is among the kit at risk if not updated immediately, according to Carnegie Mellon’s US Computer Emergency Response Team (CERT).
It tells of a vulnerability that impacts the data encryption process over Bluetooth connections, which let you securely transfer files between two paired devices wirelessly over short distances.
Or at least it should be secure.
The flaw arises from a missing check on the keys used to encrypt data, specifically a validation step absent from the elliptic-curve Diffie-Hellman (ECDH) key exchange.
These are the “keys” that your device and the one you’re pairing with exchange to lock down communications so that outsiders can’t decipher the data you’re transmitting.
But the Bluetooth standard didn’t require both of them to completely validate those keys, which leaves the door wide open for hackers to wirelessly insert themselves between the devices and pinch your info.
Now that’s changing, with companies scrambling to release security patches to fix the issue.
Apple has already updated macOS for El Capitan and later, plus the fix is in iOS 11.4 for iPhones.
And Intel has provided updated Bluetooth drivers for Windows 7, 8.1 and 10.
A Google spokesperson said the company has “remediated the issue with updates to both ChromeOS and Android”.
Thankfully, the attack doesn’t work if at least one of the two devices does its job of validating the entire process during the elliptic-curve Diffie-Hellman (ECDH) key exchange.
Plus, CERT says it hasn’t logged any real-life incidents related to the flaw.
Regardless, if you haven’t updated your phone in a while, now’s the time to do so.
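The key check the flaw left out, sketched as an added example (not code from CERT or any vendor named above): a device confirms that both coordinates of a received ECDH public key satisfy the curve equation before using it. It assumes the NIST P-256 curve and a 64-byte big-endian X||Y encoding, neither of which the article specifies; the function names are hypothetical.

```python
# Added example: validate a peer's ECDH public key before deriving any secret.
# Assumption: NIST P-256 parameters (the article does not name the curve).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point of P-256, used here as a constructed sample of a valid key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_on_curve(x, y):
    """True only if (x, y) satisfies y^2 = x^3 + ax + b (mod p)."""
    if not (0 <= x < P and 0 <= y < P):
        return False  # coordinates must be reduced field elements
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_key(x, y):
    """Hypothetical wire format: 32-byte X followed by 32-byte Y, big-endian."""
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")


def parse_peer_key(raw):
    """Parse a received key and refuse it if either coordinate is wrong."""
    if len(raw) != 64:
        raise ValueError("public key must be 64 bytes")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    if not is_on_curve(x, y):  # checks X and Y together, not X alone
        raise ValueError("peer public key is not on the curve; abort pairing")
    return x, y


def demo():
    """Run the check over one valid and one altered key (both constructed)."""
    samples = {
        "untouched": encode_key(GX, GY),
        "altered": encode_key(GX, GY ^ 1),  # one bit of Y changed in transit
    }
    results = {}
    for name, raw in samples.items():
        try:
            parse_peer_key(raw)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = "rejected: %s" % err
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```

A key that fails this check should end the pairing attempt outright rather than fall back to an unvalidated exchange.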