According to research, mobile apps that work with Bluetooth devices have an intrinsic design fault that makes them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at The Ohio State University, said that the problem exists in the way Bluetooth Low Energy devices communicate with the mobile apps that control them.
“There is a fundamental flaw that leaves these devices vulnerable – first when they are initially paired to a mobile app, and then again when they are operating,” Lin said. “And while the magnitude of that vulnerability varies, we found it to be a consistent problem among Bluetooth Low Energy devices when communicating with mobile apps.”
After Lin and his team identified the built-in flaw in Bluetooth devices, they set out to see how extensive it might be in the real world.
“The typical understanding is that Bluetooth Low Energy devices have signals that can only travel up to 100 meters,” he said. “But we found that with a simple receiver adapter and amplifier, the signal can be ‘sniffed’ (or electronically found) much farther – up to 1,000 meters away.”
“It was in the initial app-level authentication, the initial pairing of the phone app with the device, where that vulnerability existed,” Lin said. If app developers tightened defenses in that initial authentication, he said, the problem could be resolved.