Updated:04:16 PM EDT Sep 23


this is ggmania.com subsite New Attack exploiting serious Bluetooth weakness - TechAmok

TOP STORIES

HEADLINES

Naruto Running in Area 51
Experiment: Coca Cola and Mentos Under Water
Wi-Fi 6 Launches Today As 802.11ax
How Close Are We to Immortality?
20 MOST EMBARRASSING MOMENTS IN SPORTS
7 Best Xbox Emulators For Your PC
Kodi 18.4 released
The Rise And Fall Of The Headphone Jack
Windows 10 20H1 major improvements revealed
Slipknot - Gun Cover!
10-Second Video Of A Mom Embarrassing Her Daughter
Lock Picker Bypasses Popular Security System With $2 Device
NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches
20 Awesome Tricks with WD-40
Slipknot - Solway Firth [OFFICIAL VIDEO]
Japan-Korea Trade Spat and Toshiba Blackout Hike DRAM Prices by 20%
3 FROM HELL Official Trailer (2019) Rob Zombies, Horror Movie
25 million Android devices get infected

Google Play Pass announced 350+ games for $4.99/month
Wild Motorcycle Police Chase Through Sao Paulo!
Naruto Running in Area 51
App vs website
Intel i9-9900KS CPU details
AMD Ryzen 5 3500X Gaming Benchmarks
iPhone 11 Pro unboxing and first impressions
Six Batman games are now free
US Navy confirms UFO videos are the real deal
Experiment: Coca Cola and Mentos Under Water
Because you want to see a baby otter drinking milk.
Intel Adds More L3 Cache to Its Tiger Lake CPUs
Call of Duty: Modern Warfare Bundles
Self Solving Rubik's Cube
Amazon launches premium streaming service with lossless audio
There's another Battlestar Galactica reboot coming
Wi-Fi 6 Launches Today As 802.11ax
HP Printers Try to Send Data Back to HP

New Attack exploiting serious Bluetooth weakness - [security]
05:54 PM EDT - Aug,18 2019 - post a comment

Researchers have demonstrated a serious weakness in the Bluetooth wireless standard that could allow hackers to intercept keystrokes, address books, and other sensitive data sent from billions of devices.

Dubbed Key Negotiation of Bluetooth-or KNOB for short-the attack forces two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection. Attackers within radio range can then use commodity hardware to quickly crack the key. From there, attackers can use the cracked key to decrypt data passing between the devices. The types of data susceptible could include keystrokes passing between a wireless keyboard and computer, address books uploaded from a phone to a car dashboard, or photographs exchanged between phones.

KNOB doesn't require an attacker to have any previously shared secret material or to observe the pairing process of the targeted devices. The exploit is invisible to Bluetooth apps and the operating system they run on, making the attack almost impossible to detect without highly specialized equipment. KNOB also exploits a weakness in the Bluetooth standard itself. That means, in all likelihood, that the vulnerability affects just about every device that's compliant with the specification. The researchers have simulated the attack on 14 different Bluetooth chips-including those from Broadcom, Apple, and Qualcomm-and found all of them to be vulnerable.

"The Key Negotiation Of Bluetooth (KNOB) attack exploits a vulnerability at the architectural level of Bluetooth," the researchers wrote in a research paper published this week. "The vulnerable encryption key negotiation protocol endangers potentially all standard compliant Bluetooth devices, regardless [of] their Bluetooth version number and implementation details. We believe that the encryption key negotiation protocol has to be fixed as soon as possible."

While people wait for the Bluetooth Special Interest Group-the body that oversees the wireless standard-to provide a fix, a handful of companies has released software updates that patch or mitigate the vulnerability, which is tracked as CVE-2019-9506. The fixes include:

The US CERT has issued this advisory. The Bluetooth Special Interest Group, meanwhile, posted a security notice here.


Short overview of recent news articles

Sep,13 2019 AMD Releases Radeon Software Adrenalin 19.9.2 Drivers
Sep,13 2019 Western Digital Unveils WD_BLACK Gaming Storage Lineup
Sep,13 2019 How Close Are We to Immortality?
Sep,13 2019 Leak of Microsoft Salaries Shows Fight for Higher Compensation
Sep,13 2019 Sprint Matches Verizon's Free iPhone 11 Deal
Sep,12 2019 RAMBO 5 LAST BLOOD Trailer #3
Sep,12 2019 Windows 10 KB4515384 is now causing audio issues
Sep,12 2019 Google Chrome Now Supports "Send to Your Devices"
Sep,12 2019 New iPhones Include Ultra-Wideband Chip for Directional AirDrop
Sep,12 2019 Walmart, Verizon Offering Deals on iPhone 11 Series
Sep,12 2019 Conarium is now available for free
Sep,12 2019 Call of Duty: Modern Warfare - RTX ON - Gunfight 2v2 MP Gameplay
Sep,11 2019 NetCAT Vulnerability Exploits DDIO on Intel Xeon Processors to Steal
Sep,10 2019 iPhone 11 Pro: Three Cameras, Two Sizes
Sep,10 2019 Apple iPhone 11 Sports Wide-Angle Camera
Sep,10 2019 Apple Watch Series 5 Has Always-On Display
Sep,10 2019 Apple's Game Subscription Service Will Cost $5/Month
Sep,10 2019 SEE - Official Trailer
Sep,10 2019 Valerie Plame Is Running For Congress
Sep,10 2019 Baes and Bikinis - Resort 2020
Sep,10 2019 NVIDIA Releases GeForce 436.30 WHQL Drivers
Sep,09 2019 Oxy-Acetylene Explosions at 330 000 fps
Sep,09 2019 How to Solve a Rubik's Cube
Sep,09 2019 Samsung to Sell New A-Series Phones Unlocked
Sep,09 2019 GIGABYTE Unveils Aorus Liquid Cooler 240
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs