New Scientist reports a major security flaw in current Bluetooth devices that can be exploited by a roving hacker. The hacker can hijack your cell phone via Bluetooth and eavesdrop on conversations and even place calls using your phone.
Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else’s cellphone.
Now Avishai Wool and Yaniv Shaked of Tel Aviv University in Israel have worked out how to force devices to pair whenever they want. “Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices,” says Shaked.
The scariest part of this new hack is how easily it can be done, and even if Bluetooth security features are enabled. On a very slow computer the two researchers say it takes just 0.3 seconds to determine the Bluetooth link for any device in range. Bluetooth may never be the same again.