According to the report, the lack of a mechanism would allow targeted monitoring.
A Bluetooth security breach in the Samsung Galaxy S8 has been reported to allow targeted surveillance. According to a study by IT security researcher Jiska Classen from the TU Darmstadt, millions of Samsung cell phones lack an important mechanism that normally securely encrypts the data transmission between Bluetooth devices, as the “Spiegel” reported on Friday.
According to this, hackers could use the security gap to intercept sensitive data that is transferred between Bluetooth devices in plain text. “Attackers could read passwords or messages using Bluetooth keyboards,” says Classen the magazine. It would also be conceivable for hackers to eavesdrop on conversations via Bluetooth headsets. The attackers would have to be in the immediate vicinity of the victims at times. Parking in front of a target person’s car is, in principle, sufficient.
The vulnerability would theoretically only allow targeted espionage, but not mass surveillance, IT security researcher Thorsten Holz told Spiegel. Nevertheless, the lack of protection of the Bluetooth connections is questionable. The vulnerability was not a problem for the use of one of the planned Corona warning apps, which also work via Bluetooth.
Samsung confirmed the vulnerability to “Spiegel”. The models Galaxy S8, S8 + and Note8 are affected. An update will be made available for these models in the coming days. So far, no cases have been reported in which the vulnerability was actively exploited by hackers.
–
