#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

bluetooth hack | Breaking Cybersecurity News | The Hacker News

Category — bluetooth hack
New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

May 19, 2020
Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for wireless data transfer between devices. "The Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment," the researchers outlined in the paper. "Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade." Given the widespread impact of the vulnerability, the researchers said they responsibly disclosed the findings to the Bluetooth Special Interest Group (SIG), the organization that oversees the development o...
A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

Feb 17, 2020
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named ' SweynTooth ,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple system-on-a-chip (SoC) have implemented Bluetooth Low Energy (BLE) wireless communication technology—powering at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi. According to the researchers, hackers in close physical proximity to vulnerable devices can abuse this vulnerability to remotely trigger deadlocks, crashes, and even bypass security in BLE products, allowing them to arbitrary read or write access to device's functions that are otherwise only allowed to be accessed by an authorized user. "As of today, SweynTooth vulnerabilities a...
What Is Attack Surface Management?

What Is Attack Surface Management?

Feb 03, 2025Attack Surface Management
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important. In this guide, we look at why attack surfaces are growing and how to monitor and manage them properly with  tools like Intruder . Let's dive in. What is your attack surface? First, it's important to understand what we mean when we talk about an attack surface. An attack surface is the sum of your digital assets that are 'reachable' by an attacker – whether they are secure or vulnerable, known or unknown, in active use or not. You can also have both internal and external attack surfaces - imagine for example a malicious email attachment landing in a colleague's inbox, vs a new FTP server being...
New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections

New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections

Aug 14, 2019
Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506 , resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices choose an entropy value for encryption keys while pairing to secure their connection. Referred to as the Key Negotiation of Bluetooth ( KNOB ) attack, the vulnerability could allow remote attackers in close proximity to targeted devices to intercept, monitor, or manipulate encrypted Bluetooth traffic between two paired devices. The Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate, also known as "Bluetooth Classic") is a wireless technology standard that has typically been designed for relatively short-range, continuous wireless connection such as streaming audio to headsets...
cyber security

Practical, Tactical Guide to Securing AI in the Enterprise

websiteTinesEnterprise Security / AI Security
Supercharge your organization's AI adoption strategy, and go from complex challenges to secure success.
Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks

Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks

Nov 01, 2018
Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit , the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including medical devices such as insulin pumps and pacemakers, as well as point-of-sales and IoT devices. Discovered by researchers at Israeli security firm Armis, the vulnerabilities exist in Bluetooth Low Energy (BLE) Stack chips made by Texas Instruments (TI) that are being used by Cisco, Meraki, and Aruba in their enterprise line of products. Armis is the same security firm that last year discovered BlueBorne , a set of nine zero-day Bluetooth-related flaws in Android, Windows, Linux and iOS that affected billions of devices, including smartphones, laptops, TVs, watches and automobile audi...
New Bluetooth Hack Affects Millions of Devices from Major Vendors

New Bluetooth Hack Affects Millions of Devices from Major Vendors

Jul 24, 2018
Yet another bluetooth hacking technique has been uncovered. A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange. The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software drivers from some major vendors including Apple, Broadcom, Intel, and Qualcomm, while the implication of the bug on Google, Android and Linux are still unknown. The security vulnerability is related to two Bluetooth features—Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software, and BR/EDR implementations of Secure Simple Pairing in device firmware. How the Bluetooth Hack Works? Researchers from the Israel Institute of Technology discovered that the Bluetooth specification recommends, but does not mandate...
Expert Insights / Articles Videos
Cybersecurity Resources