The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Bluetooth

New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable

New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable

September 02, 2021Ravie Lakshmanan
A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks.  Collectively dubbed " BrakTooth " (referring to the Norwegian word "Brak" which translates to "crash"), the 16 security weaknesses span across 13 Bluetooth chipsets from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments, covering an estimated 1,400 or more commercial products, including laptops, smartphones, programmable logic controllers, and IoT devices. The flaws were disclosed by researchers from the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD). "All the vulnerabilities […] can be triggered without any previous pairing or authentication," the researchers noted. "The impact of our discovered vulnerabilities is categorized into
Researchers Propose Machine Learning-based Bluetooth Authentication Scheme

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme

August 31, 2021Ravie Lakshmanan
A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called " Verification of Interaction Authenticity " (aka VIA), the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once two devices are paired with one another, which remain authenticated until an explicit deauthentication action is taken, or the authenticated session expires. "Consider devices that pair via Bluetooth, which commonly follow the pattern of pair once, trust indefinitely. After two devices connect, those devices are bonded until a user explicitly removes the bond. This bond is likely to remain intact as long as the devices exist, or until they transfer ownership," Travis Peters, one of the co-authors of the study,  said . "The increased adoption of (Bluetooth-enabled)
New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

May 24, 2021Ravie Lakshmanan
Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. "Devices supporting the Bluetooth  Core  and  Mesh Specifications  are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing," the Carnegie Mellon CERT Coordination Center  said  in an advisory published Monday. The two Bluetooth specifications define the standard that allows for many-to-many communication over the short-range wireless technology to facilitate data transfer between devices in an ad-hoc network. The Bluetooth Impersonation AttackS, aka BIAS , enable a malicious actor to establish a secure connection with a victim, without having to know and authenticate the long-term key shared between the victims, thus effectively bypassing Bluetooth's authentication mechanism. "The
Apple's Find My Network Can be Abused to Exfiltrate Data From Nearby Devices

Apple's Find My Network Can be Abused to Exfiltrate Data From Nearby Devices

May 17, 2021Ravie Lakshmanan
Latest research has demonstrated a new exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet by simply sending "Find My" Bluetooth broadcasts to nearby Apple devices. "It's possible to upload arbitrary data from non-internet-connected devices by sending Find My [Bluetooth Low Energy] broadcasts to nearby Apple devices that then upload the data for you," Positive Security researcher Fabian Bräunlein  said  in a technical write-up disclosed last week. The study builds on a previous analysis by TU Darmstadt  published  in March 2021, which disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that could lead to a location correlation attack and unauthorized access to a user's location history of the past seven days. The investigation was augmented by the release of a framework called  OpenHaystack  that's designed to let any user create an &
Bug in Apple's Find My Feature Could've Exposed Users' Location Histories

Bug in Apple's Find My Feature Could've Exposed Users' Location Histories

March 05, 2021Ravie Lakshmanan
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby deanonymizing users. The  findings  are a consequence of an exhaustive review undertaken by the Open Wireless Link (OWL) project, a team of researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt, Germany, who have historically taken apart Apple's wireless ecosystem with the goal of identifying security and privacy issues. In response to the disclosures on July 2, 2020, Apple is said to have partially addressed the issues, stated the researchers, who used their own data for the study citing privacy implications of the analysis. How Find My Works? Apple devices come with a feature called  Find My  that makes it easy for users to locate other Apple devices, including
Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

October 16, 2020Ravie Lakshmanan
Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer  Andy Nguyen , the three flaws — collectively called BleedingTooth — reside in the open-source  BlueZ  protocol stack that offers support for many of the core Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices. The first and the most severe is a heap-based type confusion ( CVE-2020-12351 , CVSS score 8.3) affecting Linux kernel 4.8 and higher and is present in the Logical Link Control and Adaptation Protocol ( L2CAP ) of the Bluetooth standard, which provides multiplexing of data between different higher layer protocols. "A remote attacker in short distance knowing the victim's [Bluetooth device] address can send a malicious l2cap packet and cause denial of se
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.