Skip to Content
© Razihusin | Dreamstime.com
Security

Critical flaw puts billions of smartphones at risk of attack – what you need to know

By James Gelinas, Komando.com
September 17, 2020
Printer friendly 🖨

Device security flaws can be a major pain in the neck for both consumers and manufacturers. If one device is affected, thousands of others are also in danger. That’s why it’s in the best interest of device-makers to push out patches and updates as often as possible.

But what happens when a security flaw doesn’t just affect one kind of product but hundreds? If a component like an antenna or chip has a security flaw, so do all the devices that use it. Tap or click here to see how a dangerous chip flaw put nearly 50% of all smartphones at risk.

If you thought a security flaw that affected millions of devices was bad, how about one that affects billions of them? An exploit discovered in Bluetooth chips lets hackers hijack your device and send it malicious data — and these chips are found in smartphones all over the world. We’ll show you whether or not your phone is at risk and what can be done about it.

Bug breaks Bluetooth badly

A new report from researchers at Purdue University has revealed that most smartphones have a dangerous bug lurking in an unsuspecting place: Their Bluetooth antennas.

This issue, dubbed BLESA, gives hackers the keys to your smartphone thanks to a glitch in how the wireless standard connects to and remembers other devices. BLESA stands for Bluetooth Low Energy Spoofing Attack, and if this hack is pulled off successfully, a hacker can wirelessly connect to your phone and inject malicious data over the air.

Here’s how the hack works: Your phone’s Bluetooth antenna uses a “low energy” mode to connect to certain accessories like smart home gear and fitness bands without draining the battery. Under low energy mode, however, some gadgets won’t authenticate other devices it’s already connected to.

During a BLESA attack, a hacker takes advantage of this security misstep and pretends to be a familiar device. Once they connect, they can send misleading information or manipulate your device remotely.

Imagine a troll hacker, for example, giving your smartwatch or EKG reader a heart attack alert when you’re totally fine. The shock from the alert might be enough to give you a real one! But that’s just the tip of the iceberg — the researchers speculate that the flaw could be used to create malicious keystrokes, too.

Researchers submitted their findings to Google back in April of 2019, but to their surprise, it seems like billions of Android devices are still vulnerable. iOS, apparently, is unaffected thanks to a patch Apple added to iOS 13. PCs do not appear to be affected and the current status on Macs is unknown for now. We’ll update this story should any more info come to light.

Tap or click here to see another dangerous Bluetooth flaw that lets hackers into your phone.

What can I do to stay safe from BLESA attacks?

BLESA, despite its severity, is thankfully easy to workaround. The researchers behind the report told readers that Google added a potential fix in its December 2019 Android security update. But in spite of this update, some devices might still be affected.

As of now, there are two major workarounds: Updating your Android phone and turning Bluetooth off when it’s not in use. Android owners should also have their phones “forget” any Bluetooth devices they previously connected to.

Here’s how you can set up BLESA defenses for your smartphone:

Update Android:

  1. Make sure your device is plugged in and connected to Wi-Fi.
  2. Open the Settings app.
  3. Select About Phone.
  4. Tap Check for Updates. If an update is available, a button labeled Update will appear.
  5. Tap Update to install. Depending on your device, you may see Install Now, Reboot and install, or Install System Software instead.

If you’ve been using the same operating system for a while, getting up to speed is crucial. Just make sure to back up your phone first. Tap or click here to see our favorite way to save our data.

Disable Bluetooth on Android

  1. Swipe down from the top of your screen to show the Status Bar menu.
  2. Tap the Bluetooth icon to temporarily disable Bluetooth. Follow these same steps to re-activate.

Forget previous Bluetooth devices on Android

  1. Open the Settings app and tap Device connection followed by Bluetooth. You’ll see a list of previously paired Bluetooth devices.
  2. If the Bluetooth is set to Off, turn it On temporarily.
  3. Tap the gear icon for the device you want to unpair.
  4. Tap Forget on the menu that appears.

Remembering these steps will keep hackers off your trail for now. If you do need to use a Bluetooth device again, just follow the steps again to re-enable your antenna. Just make sure it’s off when you’re finished. You never know if someone might be waiting nearby to spring a BLESA on you.

Tech smarts in 2 minutes a day

Get my Daily Tech Update and the Digital Life Hack. Just one minute each and arm you with the tech knowledge you need to impress your boss and friends with how smart you are.

LISTEN NOW