Sunday, June 7, 03:29
Home security Billions of devices were attacked by Bluetooth BIAS

Billions of devices were attacked by Bluetooth BIAS

BIAS

A new attack called Bluetooth BIAS, allows intruders to deceive an already connected device and perform a successful identity check without having the connection key used for the coupling.

According to a study published by researchers at the École Polytechnique Fédérale de Lausanne (EPFL), which has the title BIAS: Bluetooth Impersonation AttackS, the Bluetooth standard contains some vulnerabilities allowing malicious agents to exploit them and "fake" a device, thus making it safe connection.

Bluetooth BIAS Attack

The BIAS Bluetooth attack can be carried out thanks to defects to its specifications device, so that any standard Bluetooth-compatible device is vulnerable.

For the attack to be successful, the attack device must be within the range of a vulnerable Bluetooth device, which had previously connected BR / EDR to a remote device, with a known Bluetooth address in the invader.

The investigation, published by the EPFL, cites two methods of attack. The intruder needs a remote device that was previously mapped, but without support for Secure Connections, to degrade identity security.

This would allow him to gain access to the device using the BIAS method, unless the device he is attacking is operating exclusively on Secure Connections.

If the attack is successful, o intruder can perform an identity check with the remote device. If the device receiving the attack does not authenticate with the intruder's device, it will again cause a full authentication notification, even though the connection key is not shared.

As a result, an intruder completes the secure connection installation while falsifying Bluetooth devices, without the need to know and validate the long-term key shared between the victims.

How will you protect yourself?

To repair the vulnerability, h Bluetooth SIG An update on Bluetooth core specifications will be released.

The update will be available with a future review of specifications. Until then, however, the Bluetooth SIG recommends reducing the length of the encryption key to less than 7 bytes.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Lyrics from AI technology or from people: Can you tell them apart?

While a large percentage of people can recognize when they are talking on a chatbot instead of a human operator, it seems that this is not the case ...

Technology and children: When are they ready for safe use?

Today's children and teens use various messaging apps and social media to ...

Call of Duty Black Ops Cold War: The first video leaked

The first video from the gameplay of Call of Duty 2020, which is rumored to be called Black Ops Cold War, has just been revealed.

Elon Musk: "It's time to break up Amazon"

Elon Musk intensifies the fight with Jeff Bezos with a new tweet: The General Manager of Tesla Inc., Elon Musk, said ...

Attack on America's 5G towers on Saturday!

Protests over 5G connectivity are scheduled to take place over the weekend, according to NATE. According to a recommendation that was identified ...

Windows 10 Updates: You can block them with Wu10Man!

Microsoft launched the Windows 10 update in May 2020, so it will be available on your computer soon ....

ECh0raix Ransomware: New campaign targets QNAP NAS devices!

Malicious agents behind eCh0raix Ransomware have launched a new campaign targeting QNAP NAS devices. ECh0raix was observed ...

Mac: How to change the storage location of your screenshots?

When you take screenshots on your Mac device using the Shift-Command-3 shortcut to take a screenshot of the entire computer screen or Shift-Command-4 ...

Malware USBCulprit: Aims devices that are not connected to a network

Did you think that devices without any connection to a local or other network (air-gapped devices) are safe? Think again! The USBCulprit malware that ...

Free Microsoft Teams: You can finally create meetings!

Users of the free version of Microsoft Teams can now create video meetings. The change, identified by ...