The company, based a few kilometers from Santiago de Compostela, has identified a security error in the technology used by billions of people around the world. This is Tarlogic, one of the Spanish leaders in cyber security, which presented at the computer security event RootedCON 2023, the result of research that shows a critical vulnerability in Bluetooth technology.
This vulnerability, which the company itself named “BlueTrust”, could be used to trace the connections between Bluetooth devices and the networks that form them. The capabilities of this weak security can allow calls to be listened to, interception of messages, access to confidential information or even cyberattacks.
spy phones, computers, televisions and even cars
Bluetooth technology originated about 20 years ago and was initially a way to connect mainly to mobile phones, but over the years it has been used by all devices. Bluetooth is used by mice, TVs or car consoles, cars and locks for security, as well as, of course, personal computers and even household appliances. This vulnerability allows knowing that a device has shared Bluetooth with another, and Tarlogic researchers used it to impersonate and impersonate a Bluetooth device to other devices with which they have a “trusted relationship” (the term Bluetooth binding).
According to Tarlogic, if this vulnerability were exploited, bad actors could carry out this series of actions;
In this way, according to Tarlogic, the attackers “were able to accumulate a large amount of information about their victims: their name, home or work email, phone number, their license plate… Personal information that they could use to commit fraud and extortion.”
BlueTrust as a gateway to cyberattacks
According to Tarlogic, with BlueTrust these types of cyberattacks can be accomplished;
