Spyware code found in Bluetooth on billions of devices

Billions of devices at risk — critical vulnerability discovered in Bluetooth chips

Cyber security researchers have discovered a potential security issue that could pose a threat to billions of devices around the world. They found a hidden command encoded in the Bluetooth chip installed in many devices. Experts believe that malicious actors can use this hidden function as a weapon to break into these devices.

Mashable writes about it.

Everything we know about the Bluetooth threat on billions of devices

Using this coded command, hackers can impersonate a trusted device and then connect to smartphones, computers, and other Bluetooth-enabled devices to access information stored on them. Malicious actors can use their connection to the device to spy on users.

The vulnerability was found in the ESP32 chip, which is manufactured by the Chinese company Espressif. The chip provides Wi-Fi and Bluetooth connections. In 2023, the company reported that more than one billion units of the ESP32 chip were sold. Most smart appliances use this particular microcontroller.

The researchers claim that the encoded command can be used by hostile actors to launch attacks by impersonating other people and permanently infecting sensitive devices such as smartphones, computers, smart locks, and medical equipment, bypassing code audit controls.

They developed a new tool for Bluetooth drivers that revealed a total of 29 hidden features that could be used to mimic known devices and gain access to private information stored on the device.

Given the low cost of the ESP32 chip — only USD 2 — it is clear why so many devices use this component rather than more expensive options.

As a reminder, many popular and useful Chrome browser extensions have become malicious. Hackers compromised them and downloaded malicious updates, which put more than 3 million users at risk.

We also wrote that Google unveiled an updated tool for tracking and removing information about yourself from search. The "Results about you" tool will help you quickly request the removal or change of information if you see your phone number or address in the public domain.
