tr

Updated:01:19 PM EDT May 26


this is ggmania.com subsite New Attack exploiting serious Bluetooth weakness - TechAmok

New Attack exploiting serious Bluetooth weakness - [security]
05:54 PM EDT - Aug,18 2019 - post a comment

Researchers have demonstrated a serious weakness in the Bluetooth wireless standard that could allow hackers to intercept keystrokes, address books, and other sensitive data sent from billions of devices.

Dubbed Key Negotiation of Bluetooth-or KNOB for short-the attack forces two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection. Attackers within radio range can then use commodity hardware to quickly crack the key. From there, attackers can use the cracked key to decrypt data passing between the devices. The types of data susceptible could include keystrokes passing between a wireless keyboard and computer, address books uploaded from a phone to a car dashboard, or photographs exchanged between phones.

KNOB doesn't require an attacker to have any previously shared secret material or to observe the pairing process of the targeted devices. The exploit is invisible to Bluetooth apps and the operating system they run on, making the attack almost impossible to detect without highly specialized equipment. KNOB also exploits a weakness in the Bluetooth standard itself. That means, in all likelihood, that the vulnerability affects just about every device that's compliant with the specification. The researchers have simulated the attack on 14 different Bluetooth chips-including those from Broadcom, Apple, and Qualcomm-and found all of them to be vulnerable.

"The Key Negotiation Of Bluetooth (KNOB) attack exploits a vulnerability at the architectural level of Bluetooth," the researchers wrote in a research paper published this week. "The vulnerable encryption key negotiation protocol endangers potentially all standard compliant Bluetooth devices, regardless [of] their Bluetooth version number and implementation details. We believe that the encryption key negotiation protocol has to be fixed as soon as possible."

While people wait for the Bluetooth Special Interest Group-the body that oversees the wireless standard-to provide a fix, a handful of companies has released software updates that patch or mitigate the vulnerability, which is tracked as CVE-2019-9506. The fixes include:

The US CERT has issued this advisory. The Bluetooth Special Interest Group, meanwhile, posted a security notice here.


Short overview of recent news articles

YouTuber Attempts To Blow Bubbles With Molten Lava (May,26 2020 )

i9 10900X vs Ryzen 9 3900X Test in 9 Games (May,26 2020 )

Arm Intros Its High-End Processor Designs for 2021 (May,26 2020 )

Fortnite now runs at 90Hz on the OnePlus 8 series (May,26 2020 )

How the Teenage Players of Habbo Hotel Turned to Financial Crime (May,24 2020 )

8 things NOT to do in Germany (May,24 2020 )

Google Launches Suite of New Accessibility Features (May,24 2020 )

Intel Rocket Lake CPU Appears with 6 Cores and 12 Threads (May,23 2020 )

Tenet - new trailer (May,23 2020 )

Xiaomi Mi Band 5 rumored to gain SpO2 sensor (May,23 2020 )

Intel Core i9-10900K hits 7.7GHz on liquid helium (May,21 2020 )

Apple and Google Launch COVID-19 Exposure Notification (May,21 2020 )

T-Mobile Offers Free Service to First Responders (May,21 2020 )

Intel Core i9-10900K Review (May,21 2020 )

Space Force - Official Trailer (May,20 2020 )

THE HOOD INTERNET presents 1986 (May,18 2020 )

The Best Upcoming ACTION Movies 2020 (Trailers) (May,18 2020 )

Da 5 Bloods - Official Trailer (May,18 2020 )

Driver Performs Strange and Dangerous U Turn (May,18 2020 )

Watch This 1,500-HP Honda Civic Go From 0 To 60 MPH In A Crazy 1.1 (May,18 2020 )

Xfinity Mobile Launches 5G Service (May,18 2020 )

Netflix is restoring streaming quality in Europe (May,16 2020 )

TCL-Branded Phones Launch in US on May 19 (May,14 2020 )

GTA V is free on the Epic Games Store (May,14 2020 )

Unreal Engine 5 Revealed! (PS5) (May,13 2020 )

Microwaving a Highlighter Has a Surprising Reaction! (May,12 2020 )

Intel i9-10900K CPU runs very hot & consumes 235W (May,12 2020 )

WhatsApp will soon allow 50 person video calls (May,11 2020 )

All Samsung Galaxy Phones Since 2014 Are Vulnerable (May,10 2020 )

The process of making friends with a carpenter bee (May,09 2020 )

Windows 10 20H1 Update releases on May 26th (May,09 2020 )

Ashes of the Singularity: Escalation for Free (May,08 2020 )

AMD Ryzen 3 3300X and Ryzen 3 3100 Reviews (May,08 2020 )

iOS 13.5 Can Automatically Share Medical Info with 911 Operators (May,08 2020 )

Verizon Launches LG Q70 (May,08 2020 )

BECKY Trailer (2020) Kevin James as Neo-Nazi Thriller Movie (May,07 2020 )

Shit the simpsons really did predict 2020 (May,07 2020 )

Zoom Threesome (May,07 2020 )

Our Only Hope Against The Murder Hornet Is The Praying Mantis (May,07 2020 )

Call of Duty: Warzone - JaredFPS Highlights at 144+ FPS (May,05 2020 )

Cyberpunk 2077 news set for June 11 (May,05 2020 )

MS researchers solve two 20-year-old problems in quantum computing (May,05 2020 )

T-Mobile Launches Triple-Band "Layer Cake" 5G in NYC (May,05 2020 )

Optical Fingerprint Sensors Can Now be Embedded in LCDs (May,05 2020 )

NVIDIA's Ampere GPUs will be based on TSMC's 7nm node (May,04 2020 )

iOS 13.5 Adds Face Mask Detection, Contact Tracing (May,04 2020 )

Intel 10th Generation Comet Lake Desktop Processors and 400-Series (May,02 2020 )

Lovecraft Country: Official Teaser - HBO (May,02 2020 )

Windows 10 May 2020 Update on May 28 (May,01 2020 )

Mafia 3 is free to play on Steam until May 7th (Apr,30 2020 )

>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs