The Bluetooth chip in a smartphone is vulnerable to hackers who can make it listen in on calls and send out signals without the owner’s knowledge, according to a new report.
The vulnerabilities can allow hackers to listen in to phone conversations and control them remotely without the owners knowledge.
“Bluetooth is so vulnerable, and so ubiquitous, that it’s really a big deal to be able to get in and listen in,” said Dr. Stephen Green, a security researcher who’s also a co-author of the new report, “Bluethrowers: The Untold Story of the Bluetooth Chip That Made Us Human.”
Hackers have been able to gain access to Bluetooth chips for years, but it’s rare to see them so brazen.
This new vulnerability is the first time a Bluetooth chip has been compromised in such a way.
Researchers said it’s not clear if the vulnerabilities can be exploited remotely or not, but they did say that hacking the chip could be a serious problem.
Hackers could also be able access other parts of the phone to listen for conversations, which could compromise the security of the device and compromise its functionality.
The new vulnerability also means that phones are susceptible to a variety of other serious security flaws, from the use of poorly designed or misconfigured Bluetooth chips to a lack of awareness about how to configure the chip properly.
This could mean hackers could be able hijack Bluetooth chips and force the phones to connect to another device that can’t be controlled remotely, the researchers said.
A number of companies, including Samsung and Motorola, have been trying to fix the Bluetooth chip’s vulnerabilities for years.
Samsung and HTC recently began releasing firmware updates that fix some of the vulnerabilities, but that doesn’t fix all of them.
The fix for one of the latest vulnerabilities in the Bluetooth chips’ firmware is still in the works, but experts said it still doesn’t address the flaw that can allow someone to eavesdrop on a call without the phone’s owner’s consent.