Dismiss this notice
EaseUS Todo Backup Home Giveaway - https://www.geeks.fyi/showthread.php?tid=12343

Dismiss this notice
EaseUS MobiSaver for Android 5.0 Giveaway - https://www.geeks.fyi/showthread.php?tid=12344

Dismiss this notice
Avast Premium Security FREE LICENSE Giveaway - https://www.geeks.fyi/showthread.php?tid=12417

Thread Rating:
  • 2 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices
#1
Information 
Quote:Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allows attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to capture sensitive data from the other device.
 
The bugs allow Bluetooth Impersonation Attacks (BIAS) on everything from internet of things (IoT) gadgets to phones to laptops, according to researchers at the École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland. The flaws are not yet patched in the specification, though some affected vendors may have implemented workarounds.
 
“We conducted BIAS attacks on more than 28 unique Bluetooth chips (by attacking 30 different devices),” the researchers said. “At the time of writing, we were able to test chips from Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All devices that we tested were vulnerable to the BIAS attack.”

The issue lies in the pairing/bonding protocols used in the specification. When two Bluetooth devices are paired for the first time, they exchange a persistent encryption key (the “long-term key”) that will then be stored, so that the endpoints are thereafter bonded and will connect to each other without having to perform the lengthier pairing process every time.
 
For the attacks to be successful, an attacking device would need to be within wireless range of a vulnerable Bluetooth device that has previously established bonding with a remote device with a Bluetooth address known to the attacker.

Read more: https://threatpost.com/bluetooth-bugs-im...es/155886/
[-] The following 1 user Likes silversurfer's post:
  • harlan4096
Reply
#2
Quote:Researchers at École Polytechnique Fédérale de Lausanne have published details about a new Bluetooth vulnerability that affects billions of mobile devices and wearables and allows a clever attacker to pose as a remotely paired device.
 
The attack method, dubbed Bluetooth Impersonation Attacks or (BIAS), is related to Bluetooth Classic which supports two types of wireless data transfer between devices: Basic Rate (BR) and Enhanced Data Rate (EDR).
 
The academics explain "the Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment. [...] Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade."
Source
[-] The following 1 user Likes Toligo's post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
GFYI [Official] Avast Premium Security ...
"WHAT do you li...angustaver — 07:38
AV-Test.org - Best Windows AV software ...
F-Secure PSB Compute...jasonX — 20:34
Best VPN for Android TV
Just to add, Expr...jasonX — 20:27
Avast_Blog_Security News: An elections s...
Exploring the l...harlan4096 — 16:38
What Is Riskware? Cybersecurity Threats ...
In the Online W...harlan4096 — 16:31

[-]
Birthdays
Today's Birthdays
avatar (42)riafootgtap
avatar (33)fixlnub
Upcoming Birthdays
avatar (42)RussellRuigh
avatar (49)isyqop
avatar (39)AntoineLer
avatar (33)prefenouff
avatar (34)emogig
avatar (36)Isabelle88Nes
avatar (36)ferpuMip
avatar (33)kinotExaro
avatar (45)HerbertPab
avatar (42)Susanskymn
avatar (36)stepaRurry
avatar (32)torieyang
avatar (41)MichaelPlaup
avatar (34)JasonSoult
avatar (31)hyxamuc

[-]
Online Staff
There are no staff members currently online.

>