An nameless reader writes: “Billions of smartphones, tablets, laptops, and IoT units are utilizing Bluetooth software program stacks which are susceptible to a brand new safety flaw disclosed over the summer season,” stories ZDNet. Named BLESA (Bluetooth Low Power Spoofing Assault), the vulnerability impacts units working the Bluetooth Low Power (BLE) protocol, and impacts the reconnection course of that happens when a tool strikes again into vary after shedding or dropping its pairing. A profitable BLESA assault permits dangerous actors to attach with a tool (by getting round reconnection authentication necessities) and ship spoofed knowledge to it. Within the case of IoT units, these malicious packets can persuade machines to hold out totally different or new habits. For people, attackers might feed a tool misleading info. BLESA impacts billions of units that run susceptible BLE software program stacks. Weak are BLE software program libraries like BlueZ (Linux-based IoT units), Fluoride (Android), and the iOS BLE stack. Home windows’ BLE stack isn’t impacted.
Learn extra of this story at Slashdot.