Experts Insight On Purdue Findings That Billions Of Devices Vulnerable To New ‘BLESA’ Bluetooth Security Flaw

By   ISBuzz Team
Writer , Information Security Buzz | Sep 17, 2020 08:17 pm PST

It has been reported that, according to Purdue University researchers, billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer.

Notify of
3 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Dr. Anton Grashion
Dr. Anton Grashion , EMEA Director
InfoSec Expert
September 18, 2020 3:27 pm

This vulnerability is yet another example that nothing is flawless from a security perspective in this world. However, accepting this simple fact that is actually empowering: Once we have done this, we can put procedures and measures in place to help us find potential problems in our network as fast as possible. It is for this reason that the concept of NDR is gaining traction so quickly; As an industry we must strive to reduce our MTA (Mean time to answer) questions about malicious activity to a diminishingly small number.

Last edited 3 years ago by Dr. Anton Grashion
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
September 18, 2020 4:22 am

This is just the latest discovery to involve security issues with Bluetooth connections. It is a constant back and forth between Bluetooth radio manufacturers, who scramble to fix flaws via firmware updates, and bad actors that scramble to exploit the flaws before they\’re fixed. This recent flaw appears to affect users of numerous devices, including iOS and Android.

Unfortunately, as it has been with previous Bluetooth bugs, sys admins face a nightmare of attempting to patch all vulnerable devices, and that\’s only if there is a patch available. It is also unfortunate that standard users of mobile and other devices will not patch their devices if and when a patch becomes available.

Last edited 3 years ago by Chris Hauk
Boris Cipot
Boris Cipot , Senior Sales Engineer
InfoSec Expert
September 18, 2020 4:19 am

As with any piece of technology we use today, there is the potential that they could be employed incorrectly. We usually hear about instances of cloud storage not being correctly configured, resulting in a significant data leak. In this case, whereby communication technology enterprises are not deploying the necessary security procedures, is nothing new. Rather, it is a shortcut. These shortcuts tend to improve the usability of their technology or the product deploying their technology.

In order to improve security, these organisations need to take additional steps which might prevent it from being user-friendly, or at least seen as user-friendly by customers. Consider the step of inputting a simple password every time you use your phone. For some, this is normal; for others, it is a burden and thus, they do not deploy such measures on their device. Now consider asking users to approve a Bluetooth connection with their headphones or with their car. Security savvy individuals would not mind doing so, however, the majority would see this as a burden. Therefore, these shortcuts are often used as a means of boosting usability and unfortunately, destroying security. This is ill-advised. Such shortcuts on phones, IoT devices and other technology should not be made possible by the technology itself. Moreover, users should demand more security and interaction points where they can approve actions, rather than allow them without supervision.

Last edited 3 years ago by Boris Cipot

Recent Posts

Would love your thoughts, please comment.x