China has not yet issued a special safety standard


Release time: 2021-11-12

It is estimated that by 2022, the number of Bluetooth-enabled devices will increase from 4.2 billion to 5.2 billion, and related security issues will become increasingly serious.

However, researchers at Boston University also said that Windows 10 and iOS users only need to turn Bluetooth off and back on again to set a new Bluetooth address. "Before manufacturers fix this vulnerability, this 'stupid' method may be the most effective for users who pay attention to personal privacy and security," Cai Yunpeng said.

On June 11, 2018, the Secretariat of the National Information Security Standardization Technical Committee issued a draft for comments on the national standard "Information Security Technology Bluetooth Security Guide". The document is currently in the approval stage. "At present, China has not yet issued a special security standard. I suggest that the security standards related to Bluetooth devices should be improved as soon as possible. For example, a mandatory Bluetooth address randomization function should be added to some devices, and it should be stipulated that embezzlement and abuse of Bluetooth data will be severely punished, so that attackers dare not take advantage of technological loopholes to do illegal things," Huang Xinyi said.

On the technical side, Cai Yunpeng suggested that enterprises and manufacturers should strengthen protection measures in the pairing and connection stages of Bluetooth systems: when pairing, add a pairing-key verification step; when connecting, use mutually authenticated channels to ensure connection security. To protect cloud data, manufacturers should try their best to choose high-security service providers, back up user information in time, encrypt important documents in transit, use encrypted cloud services, take passwords seriously, and strengthen data security auditing in the production environment. On the hardware side, high-security Bluetooth system chips and modules can be used to minimize the impact of technological loopholes on users.

"When choosing products, consumers should try to choose products produced by regular large manufacturers, and do not blindly pursue low prices, which will be more secure in terms of security. In addition, when using the product, users should try to turn off the Bluetooth function when not using it, and also update the system software version in time to plug the loopholes." Cai Yunpeng suggested that users should try to reduce the number of Bluetooth pairings, pair in a safe place, and not let others see the pairing password. At the same time, when using mobile phones, users should try not to connect to or pair with untrusted devices, and should pair only with familiar devices.

Yin Wenxu said that not long ago, the Windows 10 technical team fixed the vulnerability discovered by researchers at Boston University, and users can complete the repair simply by updating the software. However, for Internet of Things devices such as bracelets, which are relatively slow to update, the vulnerability may persist for a period of time. It is recommended that other manufacturers follow up and fix the vulnerability in time, release system updates, and check whether similar vulnerabilities exist in their other products.