Windows 10 has now begun to receive a lot of consecutive updates after facing flak over the infamous 1809 update. The latest round of updates, particularly arriving in June this year, has started to break some Bluetooth pairings and connections. However, unlike some previous updates where the breakdowns and deletions were unintentional, Microsoft has clarified that an upcoming update may cause Bluetooth devices to lose their connection to Windows PCs. In other words, the latest updates will intentionally severe Bluetooth connections to a few devices that connect through the low-range wireless connection protocol.
The latest round of Windows 10 updates was a welcome change primarily because of the way they are delivered. Majority of Windows 10 users still do not have absolute control over the way updates are downloaded and installed. However, Microsoft has significantly softened its stand. Nonetheless, the Windows 10 cumulative updates dating June 11, 2019, contain some interesting components that pose a unique challenge to the users of the operating system.
Overall, the updates appear rather straightforward and meaningful. They contain the usual array of bug fixes. As expected, Microsoft has also included the latest security patches for known vulnerabilities. As reported earlier, Windows 10 is well protected against the Remote Desktop Protocol (RDP) as well as Ransomware viruses owing to the inherent and built-in protection. The updates essentially strengthen the same. However, one particular component is rather worrying.
The component in the latest Windows update deals with the flaw described in CVE-2019-2102. Essentially, the flaw is pertaining to the connections that take place over the Bluetooth Low Energy or BT LE protocol. Microsoft had discovered that some Bluetooth LE connections were vulnerable to remote intrusion attacks. In other words, attackers within close proximity of a Bluetooth LE connection could send arbitrary keystrokes. The victim of such an attack wouldn’t be aware.
— Eboxlab Inc (@EboxlabInc) June 14, 2019
Windows 10 cumulative updates dating June 11, 2019, and later, addresses the security vulnerability in Bluetooth LE connections. However, the way Microsoft implements security is rather concerning and cumbersome. As an undesired side-effect, Bluetooth devices and electronics, including several keyboards, headphones and other accessories simply won’t be able to connect with a PC running Windows 10. Elaborating on the same, Microsoft issued a security document, which read:
“You may experience issues pairing, connecting or using certain Bluetooth devices after installing security updates released June 11, 2019. These security updates address security vulnerability by intentionally preventing connections from Windows to unsecure Bluetooth devices. Any device using well-known keys to encrypt connections may be affected, including certain security fobs”
At this juncture, there’s no clear list of Bluetooth LE devices that won’t work with Windows 10 after the latest round of updates. This is because there’s no one specific class of devices affected. Microsoft has indicated a few key fobs as potential candidates but hasn’t offered any more specifics. This leaves end-users clueless.
Microsoft is recommending users of Bluetooth LE peripherals that do not work with Windows 10, to get in touch with their “Bluetooth device vendor”. Apparently, the company had to take the hard decision of blocking connections to plug the security hole, instead of exposing Windows 10 users to the security risk.
@Microsoft just had to break something again with its latest update for @Windows. Now the user has to chase after the manufacturer to fix your #bluetooth device if the update messes up the connection. Not up to us to fix your mistakes #Microsofthttps://t.co/11yJDlTO5i
— WalktheLine (@edgytimes) June 13, 2019
Can Windows 10 Users Continue Using Their Bluetooth LE Devices On PCs?
Interestingly, it is now possible to hold off on or delay the installation of any and all updates arriving after June 11. Microsoft has granted the ability to delay installation for a short time. But needless to add, this significantly increases the risk of staying on a potentially vulnerable wireless connection. What’s truly concerning for Windows 10 users is the ambiguity surrounding the security vulnerability. In simple words, users don’t know which devices are affected. The only way of knowing for sure is installing the update. Still, holding off on installing the update just to continue using the peripheral isn’t a safe way either.
Arbitrary keystrokes over Bluetooth LE connections are quite risky especially if the attacker uses power-boosted equipment with long-range antennas. Hardware that supports long-range Bluetooth connections is commonly available. Hackers could easily deploy such a system and snoop for vulnerable connections. Once a vulnerable Windows 10 machine is sniffed out, hackers could easily send across several keystrokes without the victim being aware of the intrusion.