Experts Insight On Purdue Findings That Billions Of Devices Vulnerable To New ‘BLESA’ Bluetooth Security Flaw

It has been reported that, according to Purdue University researchers, billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer.

Experts Comments

September 18, 2020
Dr. Anton Grashion
EMEA Director
Corelight
This vulnerability is yet another example that nothing is flawless from a security perspective in this world. However, accepting this simple fact that is actually empowering: Once we have done this, we can put procedures and measures in place to help us find potential problems in our network as fast as possible. It is for this reason that the concept of NDR is gaining traction so quickly; As an industry we must strive to reduce our MTA (Mean time to answer) questions about malicious activity to .....Read More
This vulnerability is yet another example that nothing is flawless from a security perspective in this world. However, accepting this simple fact that is actually empowering: Once we have done this, we can put procedures and measures in place to help us find potential problems in our network as fast as possible. It is for this reason that the concept of NDR is gaining traction so quickly; As an industry we must strive to reduce our MTA (Mean time to answer) questions about malicious activity to a diminishingly small number.  Read Less
September 18, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
This is just the latest discovery to involve security issues with Bluetooth connections. It is a constant back and forth between Bluetooth radio manufacturers, who scramble to fix flaws via firmware updates, and bad actors that scramble to exploit the flaws before they're fixed. This recent flaw appears to affect users of numerous devices, including iOS and Android. Unfortunately, as it has been with previous Bluetooth bugs, sys admins face a nightmare of attempting to patch all vulnerable.....Read More
This is just the latest discovery to involve security issues with Bluetooth connections. It is a constant back and forth between Bluetooth radio manufacturers, who scramble to fix flaws via firmware updates, and bad actors that scramble to exploit the flaws before they're fixed. This recent flaw appears to affect users of numerous devices, including iOS and Android. Unfortunately, as it has been with previous Bluetooth bugs, sys admins face a nightmare of attempting to patch all vulnerable devices, and that's only if there is a patch available. It is also unfortunate that standard users of mobile and other devices will not patch their devices if and when a patch becomes available.  Read Less
September 18, 2020
Boris Cipot
Senior Sales Engineer
Synopsys
As with any piece of technology we use today, there is the potential that they could be employed incorrectly. We usually hear about instances of cloud storage not being correctly configured, resulting in a significant data leak. In this case, whereby communication technology enterprises are not deploying the necessary security procedures, is nothing new. Rather, it is a shortcut. These shortcuts tend to improve the usability of their technology or the product deploying their technology. In.....Read More
As with any piece of technology we use today, there is the potential that they could be employed incorrectly. We usually hear about instances of cloud storage not being correctly configured, resulting in a significant data leak. In this case, whereby communication technology enterprises are not deploying the necessary security procedures, is nothing new. Rather, it is a shortcut. These shortcuts tend to improve the usability of their technology or the product deploying their technology. In order to improve security, these organisations need to take additional steps which might prevent it from being user-friendly, or at least seen as user-friendly by customers. Consider the step of inputting a simple password every time you use your phone. For some, this is normal; for others, it is a burden and thus, they do not deploy such measures on their device. Now consider asking users to approve a Bluetooth connection with their headphones or with their car. Security savvy individuals would not mind doing so, however, the majority would see this as a burden. Therefore, these shortcuts are often used as a means of boosting usability and unfortunately, destroying security. This is ill-advised. Such shortcuts on phones, IoT devices and other technology should not be made possible by the technology itself. Moreover, users should demand more security and interaction points where they can approve actions, rather than allow them without supervision.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts