Saturday, October 31, 2020

New ‘BLESA’ Bluetooth Vulnerability Affects Billions of Devices: Researchers

Cyber-security researchers at Purdue University have discovered a critical vulnerability in the Bluetooth software stack. Called ‘BLESA’, or Bluetooth Low Energy Spoofing Attack, the exploit affects Bluetooth LE devices and has the potential to expose billions of people to hacking. Unlike the recently discovered BLURtooth vulnerability, which deals with how Bluetooth devices pair with one another, BLESA affects the re-connection process in the BLE software stack.

Reconnections take place when two BLE devices move out of range temporarily before moving back into connection range. While Bluetooth devices typically re-authenticate the cryptographic keys before reconnecting in such scenarios, the researchers found that a device might bypass a mandatory recheck in some scenarios, resulting in the critical vulnerability.

Apparently, re-authentication of cryptographic keys is optional under the BLE standard, leaving the door open for possible hackers and malicious actors. In addition, authentication can be circumvented if a BLE device fails to force another device to authenticate the cryptographic keys while reconnecting.
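The difference between optional and enforced re-authentication on reconnection can be modelled in a few lines. This is an added example, not code from the researchers or from any Bluetooth stack: the `Peer` and `Central` classes are hypothetical, the address and readings are constructed, and an HMAC challenge-response stands in for BLE link encryption with the stored long-term key.

```python
from __future__ import annotations
import hashlib
import hmac
import os


def _proof(key: bytes, nonce: bytes) -> bytes:
    # Stand-in (assumption) for BLE link encryption with the stored bond key.
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Peer:
    """Hypothetical peripheral; key is None when it does not hold the bond key."""
    def __init__(self, address: str, reading: str, key: bytes | None = None):
        self.address, self.reading, self.key = address, reading, key

    def prove(self, nonce: bytes) -> bytes | None:
        return _proof(self.key, nonce) if self.key else None


class Central:
    """Hypothetical client that remembers bonded peers by address."""
    def __init__(self, enforce_reauth: bool):
        self.enforce_reauth = enforce_reauth
        self.bonds: dict[str, bytes] = {}

    def bond(self, peer: Peer) -> None:
        self.bonds[peer.address] = peer.key

    def reconnect(self, peer: Peer) -> tuple[str, bool]:
        key = self.bonds[peer.address]       # the address alone selects the bond
        nonce = os.urandom(16)
        proof = peer.prove(nonce)
        ok = proof is not None and hmac.compare_digest(proof, _proof(key, nonce))
        if self.enforce_reauth and not ok:
            raise PermissionError("peer did not re-authenticate with the bond key")
        return peer.reading, ok              # ok=False: the data is unauthenticated


def compare_policies() -> dict[str, object]:
    key = os.urandom(16)                                   # constructed bond key
    genuine = Peer("AA:BB:CC:00:00:01", "glucose=5.4", key)
    lookalike = Peer("AA:BB:CC:00:00:01", "glucose=9.9")   # same address, no key
    results: dict[str, object] = {}
    for name, enforce in (("optional", False), ("enforced", True)):
        central = Central(enforce)
        central.bond(genuine)
        results[name + "/genuine"] = central.reconnect(genuine)
        try:
            results[name + "/lookalike"] = central.reconnect(lookalike)
        except PermissionError as exc:
            results[name + "/lookalike"] = "rejected: " + str(exc)
    return results
```

With the optional policy the client accepts the unauthenticated reading and only the `ok` flag shows that no key check succeeded; with the enforced policy the reconnection fails before any data is used.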

The vulnerability was found in the iOS BLE stack, as well as BlueZ and Fluoride. BlueZ is a Linux-based implementation of BLE that’s used in IoT devices, while Fluoride has been used in Android for years. It is worth noting though that with Android 11, Google is testing a brand new Bluetooth stack called ‘Gabeldorsche’, or GD, for short.

While Apple apparently patched the vulnerability with iOS 13.4, the BlueZ and Fluoride Bluetooth stacks continue to remain vulnerable. Interestingly, Windows is seemingly immune to this particular exploit, but the vulnerabilities in the other platforms alone are expected to affect billions of smartphones, tablets and IoT devices.
