Apple admitted the serious Bluetooth security vulnerability and fixed it
The Bluetooth SIG, the official body responsible for wireless communication technology standards, has admitted that there is a serious Bluetooth security vulnerability that can make it easier for attackers to force pairing with your device.
The Bluetooth connection works when both devices agree to connect. One sends a request, the other must accept it, and authenticates the identity of the device by exchanging the public key and generates an encryption key for the connection to ensure the security.
A Bluetooth security vulnerability means that an attacker could interfere with encryption settings, forcing the encryption key to be shorter and making it easy to try all possible encryption keys to establish a connection.
Researchers have found that the attached device may interfere with the process of setting encryption on BR/EDR connections between two devices, thereby shortening the length of encryption keys.
Some Bluetooth products at lower security levels are more vulnerable because not all Bluetooth specifications stipulate a explicit minimum length of encryption keys. Therefore, the attacker can set the encryption key to a shorter length, which can be easily cracked, then manipulate the targeted phone or the traffic.
The Bluetooth SIG requires vendors to upgrade their Bluetooth devices in the Bluetooth specification, ensuring that the encryption key is at least 7 octets. Since the window time available for spoofing connections is very short, it is basically enough to prevent such attacks as long as the key length meets the specification standards.
Apple has implemented this in its latest update to its devices, please make ensure that your system has been updated to the latest public version to prevent these attacks.