Monday, March 1, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

May 20, 2020
in Internet Privacy
New Bluetooth Vulnerability Exposes Billions of Devices to Hackers
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers.

The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concerns Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for wireless data transfer between devices.

You might also like

Cisco Releases Security Patches for Critical Flaws Affecting its Products

Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

“The Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment,” the researchers outlined in the paper. “Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade.”

Given the widespread impact of the vulnerability, the researchers said they responsibly disclosed the findings to the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards in December 2019.

The Bluetooth SIG acknowledged the flaw, adding it has made changes to resolve the vulnerability. “These changes will be introduced into a future specification revision,” the SIG said.

The BIAS Attack

For BIAS to be successful, an attacking device would need to be within the wireless range of a vulnerable Bluetooth device that has previously established a BR/EDR connection with another Bluetooth device whose address is known to the attacker.

The flaw stems from how two previously paired devices handle the long term key, also known as link key, that’s used to mutually authenticate the devices and activate a secure connection between them.

The link key also ensures that users don’t have to pair their devices every time a data transfer occurs between, say, a wireless headset and a phone, or between two laptops.

The attacker, then, can exploit the bug to request a connection to a vulnerable device by forging the other end’s Bluetooth address, and vice versa, thus spoofing the identity and gaining full access to another device without actually possessing the long term pairing key that was used to establish a connection.

Put differently, the attack allows a bad actor to impersonate the address of a device previously paired with the target device.

What’s more, BIAS can be combined with other attacks, including the KNOB (Key Negotiation of Bluetooth) attack, which occurs when a third party forces two or more victims to agree on an encryption key with reduced entropy, thus allowing the attacker to brute-force the encryption key and use it to decrypt communications.

Devices Not Updated Since December 2019 Affected

With most standard-compliant Bluetooth devices impacted by the vulnerability, the researchers said they tested the attack against as many as 30 devices, including smartphones, tablets, laptops, headphones, and single-board computers such as Raspberry Pi. All the devices were found to be vulnerable to BIAS attacks.

The Bluetooth SIG said it’s updating the Bluetooth Core Specification to “avoid a downgrade of secure connections to legacy encryption,” which lets the attacker initiate “a master-slave role switch to place itself into the master role and become the authentication initiator.”

In addition to urging companies to apply the necessary patches, the organization is recommending Bluetooth users to install the latest updates from the device and operating system manufacturers.

“The BIAS attacks are the first uncovering issues related to Bluetooth’s secure connection establishment authentication procedures, adversarial role switches, and Secure Connections downgrades,” the research team concluded. “The BIAS attacks are stealthy, as Bluetooth secure connection establishment does not require user interaction.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

Machine Learning: A Math Problem or a Workflow Problem?

Next Post

NXNSAttack technique can be abused for large-scale DDoS attacks

Related Posts

Cisco Releases Security Patches for Critical Flaws Affecting its Products
Internet Privacy

Cisco Releases Security Patches for Critical Flaws Affecting its Products

February 27, 2021
Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
Internet Privacy

Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

February 26, 2021
North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
Internet Privacy

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

February 26, 2021
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
Internet Privacy

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

February 26, 2021
Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
Internet Privacy

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

February 25, 2021
Next Post
NXNSAttack technique can be abused for large-scale DDoS attacks

NXNSAttack technique can be abused for large-scale DDoS attacks

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

The Bayesian vs frequentist approaches: implications for machine learning – Part two
Data Science

The Bayesian vs frequentist approaches: implications for machine learning – Part two

March 1, 2021
Google’s deep learning finds a critical path in AI chips
Machine Learning

Google’s deep learning finds a critical path in AI chips

March 1, 2021
9 Tips to Effectively Manage and Analyze Big Data in eLearning
Data Science

9 Tips to Effectively Manage and Analyze Big Data in eLearning

March 1, 2021
Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ
Machine Learning

Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ

March 1, 2021
The Future of AI in Insurance
Data Science

The Future of AI in Insurance

March 1, 2021
Machine Learning as a Service (MLaaS) Market Analysis Technological Innovation by Leading Industry Experts and Forecast to 2028 – The Daily Chronicle
Machine Learning

Machine Learning as a Service (MLaaS) Market Global Sales, Revenue, Price and Gross Margin Forecast To 2028 – The Bisouv Network

March 1, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • The Bayesian vs frequentist approaches: implications for machine learning – Part two March 1, 2021
  • Google’s deep learning finds a critical path in AI chips March 1, 2021
  • 9 Tips to Effectively Manage and Analyze Big Data in eLearning March 1, 2021
  • Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ March 1, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates