Bluetooth SIG, the group responsible for wireless communication technology standards, has officially acknowledged a Bluetooth security flaw.
The vulnerability can force a pairing with your device. A Bluetooth connection starts with the two devices you want to pair 'agreeing' on the link. Public keys verify each device's identity, and the generated encryption keys ensure a secure connection.
The flaw allows an attacker to reduce the encryption key down to a single character, which then makes it easier to establish a pairing. Bluetooth SIG has announced that companies should provide updates that hand out Bluetooth encryption keys of at least 7 octets, or seven characters. The window of opportunity for interfering with a Bluetooth connection is short, which should be enough to stave off malicious attacks.
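One way to check links against the 7-octet minimum described above, as an added example rather than code from Bluetooth SIG or any vendor: it parses HCI Command Complete events for the Read Encryption Key Size command and flags connections whose key is shorter than the minimum. Using HCI events as the data source is an assumption, and the sample event bytes are constructed.

```python
import struct

MIN_KEY_OCTETS = 7             # minimum key length the article attributes to Bluetooth SIG
EVT_COMMAND_COMPLETE = 0x0E    # HCI event code: Command Complete
OP_READ_ENC_KEY_SIZE = 0x1408  # HCI opcode: OGF 0x05, OCF 0x0008


def parse_key_size_event(event: bytes):
    """Return (connection_handle, key_size_octets), or None when the event is
    not a successful Read Encryption Key Size completion."""
    if len(event) != 9 or event[0] != EVT_COMMAND_COMPLETE or event[1] != 7:
        return None
    # Num_HCI_Command_Packets, opcode, status, connection handle, key size
    _pkts, opcode, status, handle, key_size = struct.unpack_from("<BHBHB", event, 2)
    if opcode != OP_READ_ENC_KEY_SIZE or status != 0:
        return None
    return handle & 0x0FFF, key_size


def weak_links(events, minimum=MIN_KEY_OCTETS):
    """List (handle, key_size) for every link negotiated below the minimum."""
    findings = []
    for raw in events:
        parsed = parse_key_size_event(raw)
        if parsed and parsed[1] < minimum:
            findings.append(parsed)
    return findings


# Constructed sample events (not captured from a real device).
SAMPLE_EVENTS = [
    bytes.fromhex("0e0701081400400010"),  # handle 0x040, 16-octet key
    bytes.fromhex("0e0701081400410001"),  # handle 0x041, 1-octet key
    bytes.fromhex("0e0701081402420000"),  # handle 0x042, command failed
    bytes.fromhex("0e0401030c00"),        # unrelated Command Complete
]

if __name__ == "__main__":
    for handle, size in weak_links(SAMPLE_EVENTS):
        print(f"handle 0x{handle:03x}: {size}-octet key, below {MIN_KEY_OCTETS}")
```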
Apple has already released an update in response to the threat. Updating to the latest public version should make your device safe from the Bluetooth vulnerability. Previously, there was another Bluetooth flaw that let attackers track a compromised device's location.