Two Bluetooth vulnerabilities

Two Bluetooth vulnerabilities

In the last two weeks it became known about two vulnerabilities in Bluetooth wireless communication standard. First, on September 9th the Bluetooth SIG organization issued a warning about the BLURtooth family of attacks. In theory, the vulnerability in the Bluetooth 4.2 and 5.0 specifications allows organizing MitM-attack. In practice it requires many conditions to match, e.g. connection (with limited rights) to target device.

The vulnerability was found at the junction of two Bluetooth connection options – traditional Basic Rate / Enhanced Data Rate and energy efficient Bluetooth Low Energy. Long-term shared keys are generated in devices supporting both BR/EDR and BLE to avoid double authentication via different protocols. The specification allows the keys to be overwritten if a more reliable data transfer mode is required. But as a result, a connection can be established with the device either without proper authorization at all, or the connection security can be easily hacked.



The second vulnerability, called BLESA, was found in the Bluetooth Low Energy specification. It allows you to connect to other devices without authorization, simulating the procedure to restore the connection after disconnection.

In practice, it looks like this: a device is connected to the smartphone (for example, a fitness tracker), then the connection to it is cut off and connected to the smartphone device of the attacker. No additional authorization is required and it is easy to intercept the ID of the legitimate device as this data is transmitted in clear text. The ease of reconnecting the device has turned into a security hole.

Sources



BLURTooth:

BLESA:

.

.

  • New on Habra with PoC video.

The information about these attacks is disclosed quite differently. A scientific paper with a detailed description of the attack process has been published about BLESA. About BLURtooth – only two short messages without details. Perhaps this is due to the fact that for BLESA has already released a patch (at least for the Apple devices), as well as preparing patches for Android and the universal stack Bluez.

BLURtooth – so far the problem without a solution. Although these attacks have in common: a low probability of use in practice because of the need to be close to the victim and questionable (at least unexplored) prospects in terms of stealing data.

Both vulnerabilities may become a stage of a more serious attack on IoT-devices in the future, especially since the Bluetooth stack update will not be available everywhere.

What else happened

.
Kaspersky Lab specialists have published report on threat development in the second quarter of 2020. Of interest: the growth of malicious attacks on “game” topics, in particular – phishing and distribution of malware related to the Steam platform.

In the conditions of remote work such attacks can lead not only to theft of in-game or real money, but also to penetration into the working infrastructure, if the victim for games and work uses the same computer.

Another Kaspersky Lab study describes to a zero-day vulnerability in Internet Explorer 11. Paired with another hole, not so dangerous in itself, browser bug provided full control over target system.

A sad but predictable case: in Germany, an encryption Trojan attack on the hospital infrastructure led to the patient’s death.

On Wednesday September 16 developers updated the Drupal CMS, including fixes critical XSS vulnerability.

An interesting case occurred with WordPress plugin Discount Rules for WooCommerce. Two serious vulnerabilities protected at third attempt only.

The Bleeping Computer reports a phishing attack that is masked as an information security training.

Google Ban on software like stalkerware in Google Play. More precisely, it is impossible to watch the user secretly: if there are such functions, the user should be warned that his movements and actions will be watched.

The Zerologon vulnerability exploit in Windows appeared in the public domain. The patch for this hole released back in August this year.

 

Source



WARNING! All links in the articles may lead to malicious sites or contain viruses. Follow them at your own risk. Those who purposely visit the article know what they are doing. Do not click on everything thoughtlessly.


3 Views

0 0 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments


Do NOT follow this link or you will be banned from the site!
0
Would love your thoughts, please comment.x
()
x

Spelling error report

The following text will be sent to our editors: