The organization for standardization of Bluetooth technology reported a vulnerability found in the encryption Protocol of the popular standard. Using a "hole" in the encryption standard, an attacker can gain access to information on the device and intercept the traffic that the gadgets exchange with each other.
When the key is matched at the time of pairing, the devices exchange the alphanumeric combination to establish the connection. It is at this point that the hacker can intercept the key and make it short, which will allow the attack by brute force. Having gained access to the established connection, the attacker is able to fully control the traffic transmitted between the devices.
To carry out such an attack, several conditions must be met: the attacker must be within the range of the established connection, and both attacked gadgets must use Bluetooth BR/EDR, and the vulnerability will affect each of the devices.
After detecting a defect in the standard, the researchers checked 16 models of popular wireless controllers — all of them were exposed to this type of hacking. This is due to the fact that the Bluetooth specification does not require a minimum key length. Major manufacturers have already released vulnerability-fixing updates. Consumers can only install the appropriate patches on vulnerable devices with Bluetooth.