Experts say you should update to iOS 11.4 if you haven’t already to avoid the cyber flaw. Google has also released patches for Android and ChromeOS.
Experts say you should update to iOS 11.4 if you haven’t already to avoid the cyber flaw. Google has also released patches for Android and ChromeOS.

iPhone and Android hack warning - update your phone now

UPDATE your iPhone or Android phone now if you don't want to risk it falling prey to hackers who can swipe your messages, experts are warning.

A potentially critical flaw is affecting Bluetooth, leaving hundreds of millions of devices exposed to cyber criminals.

Apple, Google and Intel's hardware are among those at risk if not updated immediately, according to Carnegie Mellon's US Computer Emergency Response Team (CERT).

It tells of a vulnerability that impacts the data encryption process over Bluetooth connections, which let you securely transfer files between two paired devices wirelessly over short distances.

Or at least it should be secure.

The flaw arises from a missing check on keys while data is encrypting, specifically an absent validation contained in the Diffie-Hellman (ECDH) key exchange.

These are the "keys" that your device and the one you're pairing with exchange to lock down communications so that outsiders can't decipher the data you're transmitting.

But the Bluetooth standard didn't require both of them to completely validate those keys, which leaves the door wide open for hackers to wirelessly insert themselves between the devices and pinch your info.

Experts say you should update to iOS 11.4 if you haven’t already to avoid the cyber flaw. Google has also released patches for Android and ChromeOS. Picture: Glenn Hunt
Experts say you should update to iOS 11.4 if you haven’t already to avoid the cyber flaw. Google has also released patches for Android and ChromeOS. Picture: Glenn Hunt

Now that's changing, with companies scrambling to release security patches to fix the issue.

Apple has already updated MacOS for El Capitan and later, plus the fix is in iOS 11.4 for iPhones.

And Intel has provided updated Bluetooth drivers for Windows 7, 8.1 and 10.

A Google spokesperson said the company has "remediated the issue with updates to both ChromeOS and Android".

Thankfully, it doesn't work if at least one of the devices does its job in validating the entire process during the Diffie-Hellman (ECDH) key exchange.

Plus, CERT says it hasn't logged any real-life incidents related to the flaw.

Regardless, if you haven't updated your phone in a while, now's the time to do so.

 

This article originally appeared on The Sun and was reproduced with permission.


Fundraisers all in a row

Fundraisers all in a row

Crossfit Vivid raises close to $4000 for Ronald McDonald House.

Creating good sleeping habits

Creating good sleeping habits

Studies show poor sleep can increase risk for disease later in life.

Terry honoured for service

Terry honoured for service

Emerald man celebrates 50 years with the Rotary Club.

Local Partners