The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Bluetooth hacking

Xiaomi Electric Scooters Vulnerable to Life-Threatening Remote Hacks

Xiaomi Electric Scooters Vulnerable to Life-Threatening Remote Hacks

February 12, 2019Swati Khandelwal
Smart devices definitely make our lives easier, faster, and more efficient, but unfortunately, an insecure smart device can also ruin your day, or sometime could even turn into the worst nightmare of your life. If you are an electric scooter rider, you should be concerned about yourself. In a report shared with The Hacker News in advance, researchers from mobile security firm Zimperium said to have discovered an easy-to-execute but serious vulnerability in M365 Folding Electric Scooter by Xiaomi that could potentially putting riders life at risk. Xiaomi e-Scooter has a significant market share and is also being used by different brands with some modifications. Xiaomi M365 Electric Scooter comes with a mobile app that utilizes password-protected Bluetooth communication, allowing its riders to securely interact with their scooters remotely for multiple features like changing password, enabling the anti-theft system, cruise-control, eco mode, updating the scooter's firmwar
Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks

Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks

November 01, 2018Swati Khandelwal
Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit , the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including medical devices such as insulin pumps and pacemakers, as well as point-of-sales and IoT devices. Discovered by researchers at Israeli security firm Armis, the vulnerabilities exist in Bluetooth Low Energy (BLE) Stack chips made by Texas Instruments (TI) that are being used by Cisco, Meraki, and Aruba in their enterprise line of products. Armis is the same security firm that last year discovered BlueBorne , a set of nine zero-day Bluetooth-related flaws in Android, Windows, Linux and iOS that affected billions of devices, including smartphones, laptops, TVs, watches and automobile audio sy
New Bluetooth Hack Affects Millions of Devices from Major Vendors

New Bluetooth Hack Affects Millions of Devices from Major Vendors

July 24, 2018Swati Khandelwal
Yet another bluetooth hacking technique has been uncovered. A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange. The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software drivers from some major vendors including Apple, Broadcom, Intel, and Qualcomm, while the implication of the bug on Google, Android and Linux are still unknown. The security vulnerability is related to two Bluetooth features—Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software, and BR/EDR implementations of Secure Simple Pairing in device firmware. How the Bluetooth Hack Works? Researchers from the Israel Institute of Technology discovered that the Bluetooth specification recommends, but does not mandate
Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices

Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices

November 16, 2017Swati Khandelwal
Remember BlueBorne? A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo . As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and desktops are also vulnerable to BlueBorne. BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks. What's worse? Triggering the BlueBorne exploit doesn't require victims to click any link or open any file—all without requiring user interaction. Also, most security products would likely not be abl
BlueBorne: Critical Bluetooth Attack Puts Billions of Devices at Risk of Hacking

BlueBorne: Critical Bluetooth Attack Puts Billions of Devices at Risk of Hacking

September 12, 2017Swati Khandelwal
If you are using a Bluetooth enabled device, be it a smartphone, laptop, smart TV or any other IoT device, you are at risk of malware attacks that can carry out remotely to take over your device even without requiring any interaction from your side. Security researchers have just discovered total 8 zero-day vulnerabilities in Bluetooth protocol that impact more than 5.3 Billion devices—from Android, iOS, Windows and Linux to the Internet of things (IoT) devices—using the short-range wireless communication technology. Using these vulnerabilities, security researchers at IoT security firm Armis have devised an attack, dubbed BlueBorne , which could allow attackers to completely take over Bluetooth-enabled devices, spread malware, or even establish a "man-in-the-middle" connection to gain access to devices' critical data and networks without requiring any victim interaction. All an attacker need is for the victim's device to have Bluetooth turned on and obvious
Hackers Could Easily Take Remote Control of Your Segway Hoverboards

Hackers Could Easily Take Remote Control of Your Segway Hoverboards

July 19, 2017Mohit Kumar
If you are hoverboard rider, you should be concerned about yourself. Thomas Kilbride, a security researcher from security firm IOActive, have discovered several critical vulnerabilities in Segway Ninebot miniPRO that could be exploited by hackers to remotely take "full control" over the hoverboard within range and leave riders out-of-control. Segway Ninebot miniPRO is a high-speed, self-balancing, two-wheel, hands-free electric scooter, also known as SUV of hoverboards, which also allows it riders to control the hoverboard by a Ninebot smartphone app remotely. Ninebot smartphone app allows riders to adjust light colours, modify safety features, run vehicle diagnostics, set anti-theft alarms, and even remotely commanding the miniPRO scooter to move. But the security of powerful miniPRO was so sick that Thomas hardly took 20 seconds to hack it and hijack remote control of it. In a blog post published today, Thomas has disclosed a series of critical security vul
How to Hack Smart Bluetooth Locks and IoT Devices — Check this Out

How to Hack Smart Bluetooth Locks and IoT Devices — Check this Out

September 13, 2016Wang Wei
Bluetooth Low Energy, also known as Bluetooth Smart or Bluetooth 4, is the leading protocol designed for connecting IoT devices, medical equipment, smart homes and like most emerging technologies, security is often an afterthought. As devices become more and more embedded in our daily lives, vulnerabilities have real impact on our digital and physical security. Enter the Bluetooth lock, promising digital key convenience with temporary and Internet shareable access. The problem is, almost all of these locks have vulnerabilities, easily exploited via Bluetooth! DEF CON always has the coolest new hacks and security news, and this year was no exception. The hacking conferences are a great way to get a pulse on the general status of the security world, what people are interested in, worried about, or looking to exploit. This year clearly had an uptick in Internet of Things (IoT) devices and ways to hack them. Obviously, we had to go and take a look at the Bluetooth lock hack, and
Hacking Fitbit Health Trackers Wirelessly in 10 Seconds

Hacking Fitbit Health Trackers Wirelessly in 10 Seconds

October 23, 2015Khyati Jain
Do you need a FitBit Tracker while jogging or running or even sleeping? Bad News! FitBit can be hacked that could allow hackers to infect any PC connected to it. What's more surprising? Hacking FitBit doesn't take more than just 10 Seconds . Axelle Aprville , a researcher at the security company Fortinet, demonstrated "How to hack a Fitbit in only 10 seconds," at the Hack.Lu conference in Luxembourg. Aprville's test was a proof of concept (POC) that did not actually focus on executing malicious payload, rather a logical attack. By using only Bluetooth, Aprville was able to modify data on steps and distance. However, she said it is possible to infect the device in an attempt to spread malware to synced devices. Fitbit Flex tracker is a flexible wristband that measures health statistics, such as blood pressure and heart rate. The Flex is a product of Fitbit, and its salient features are: It can wake you up with a silent vibrati
Smartwatch Hacked... Data Exchange with Smartphone Not So Secure

Smartwatch Hacked... Data Exchange with Smartphone Not So Secure

December 11, 2014Swati Khandelwal
We are living in an era of smart devices that we sync with our smartphones and make our lives very simple and easy, but these smart devices that inter-operates with our phones could leave our important and personal data wide open to hackers and cybercriminals. Security researchers have demonstrated that the data sent between a Smartwatch and an Android smartphone is not too secure and could be a subject to brute force hacks by attackers to intercept and decode users' data, including everything from text messages to Google Hangout chats and Facebook conversations. Well this happens because the bluetooth communication between most Smartwatches and Android devices rely on a six-digit PIN code in order to transfer information between them in a secure manner. Six-digit Pin means approx one million possible keys, which can be easily brute-forced by attackers into exposing entire conversations in plain text. Researchers from the Romania-based security firm Bitdefender ca
Hacking a Car remotely with $20 iPhone sized Device

Hacking a Car remotely with $20 iPhone sized Device

February 08, 2014Swati Khandelwal
In the era of Smart devices, we have Smartphones, Smart TVs, Smart Fridges, and even the Smart cars! We have made our life very easy and comfortable by providing the master control of every task to such smart devices. But imagine if an attacker wants to take revenge or hurt someone, now they can hack your car, rather failing breaks in the traditional way. Sounds Horrible ! WELL, Two Security researchers - Javier Vazquez-Vidal and Alberto Garcia Illera have developed a home-made gadget called ' CAN Hacking Tools (CHT) ', a tiny device smaller than your Smartphone, which is enough to hack your Cars. The Kit costs less than $20, but is far capable to give away the entire control of your car to an attacker from windows and headlights to its steering and brakes. The device uses the Controller Area Network (CAN) ports that are built into cars for computer-system checks, and draws power from the car’s electrical system. Injecting a malicious code to CAN ports all
Bluetooth enabled Credit Card Skimmers planted at Gas Station lead to $2 Million heist

Bluetooth enabled Credit Card Skimmers planted at Gas Station lead to $2 Million heist

January 22, 2014Swati Khandelwal
Cyber Criminals will not let any way out without making Money. Another huge Credit Card theft and this time they targeted Gas Stations. 13 men were suspected and charged for stealing banking information, using Bluetooth enabled Credit Card Skimmers planted on the gas stations throughout the Southern United States. They made more than $2 Million by downloading the ATM information, as well as PIN numbers from the gas pumps and then used the data to draw cash from the ATMs in Manhattan. Manhattan District Attorney Cyrus R. Vance explained the operation that the skimming devices were internally installed so was undetectable to the people who paid at the pumps and the devices were Bluetooth enabled, so it did not need any physical access in order to obtain the stolen personal identifying information. “ By using skimming devices planted inside gas station pumps, these defendants are accused of fueling the fastest growing crime in the country. Cybercriminals and ident
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.