iPhone and Android vulnerability found affecting Bluetooth
This is one update you want to apply as soon as it becomes available from your phone’s manufacturer. An iPhone and Android vulnerability have been discovered, but it also affects PCs and other devices. Bluetooth chips from several vendors, including Apple, Intel, Broadcom and Qualcomm, have been confirmed to be vulnerable to what CERT describes as a missing check on keys during the process of date encryption (“Diffie-Hellman key exchange.”)
Basically it allows a hacker within Bluetooth range to get the keys required to access encrypted data, and gain access to whatever is being transmitted over Bluetooth. This means that not only your notifications could be hijacked, but more sensitive data as well, like security codes used for two factor authentications, etc.
“As far as we know every Android—prior to the patch published in June—and every device with wireless chip of Intel, Qualcomm or Broadcom is vulnerable”, said Lior Neumann, one of the two specialists who discovered the bug.