
Bluetooth Security Flaw Strikes Apple, Linux, and Android Devices

Vulnerabilities in the constantly changing technology landscape present serious risks to the safety of our online lives. A significant Bluetooth security weakness that affects Apple, Linux, and Android devices has recently come to light in the cybersecurity community, potentially putting millions of users at risk of hacking.

The flaw, identified as CVE-2023-45866, was first brought to light by security researchers who detected a potential loophole in the Bluetooth communication protocol. The severity of the issue lies in its capability to allow hackers to take control of the targeted devices, potentially leading to unauthorized access, data theft, and even remote manipulation.

Security experts from SkySafe, a renowned cybersecurity firm, delved into the intricacies of the vulnerability and disclosed their findings on GitHub. If successfully employed, the exploit could lead to a myriad of security breaches, prompting urgent attention from device manufacturers and software developers alike.

Apple, a prominent player in the tech industry, was not exempt from the repercussions of this Bluetooth bug. The flaw could potentially enable hackers to hijack Apple devices, raising concerns among millions of iPhone, iPad, and MacBook users. Apple, known for its commitment to user security, has been swift in acknowledging the issue and is actively working on a patch to mitigate the vulnerability.

Linux, an open-source operating system widely used across various platforms, also faced the brunt of this security loophole. With a significant user base relying on Linux for its robustness and versatility, the impact of the Bluetooth flaw extends to diverse systems, emphasizing the urgency of a comprehensive solution.

Android, the dominant mobile operating system, issued a security bulletin addressing the Bluetooth vulnerability. The Android Security Bulletin for December 2023 outlined the potential risks and provided guidance on necessary patches and updates. As the flaw could compromise the security of Android devices, users are strongly advised to implement the recommended measures promptly.

Cybersecurity experts stated, "The discovery of this Bluetooth vulnerability is a stark reminder of the constant vigilance required in the digital age. It underscores the importance of prompt action by manufacturers and users to ensure the security and integrity of personal and sensitive information."

This Bluetooth security issue serves as a grim reminder of the ongoing fight against new cyber threats as the tech world struggles with its implications. In order to strengthen its commitment to a secure digital future, the IT industry is working together with developers, manufacturers, and consumers to quickly identify and fix vulnerabilities.

Strengthening Cyber Defense: China's Actions Against AirDrop and Bluetooth File Sharing

 


After protesters used mobile file-sharing services such as AirDrop and Bluetooth to evade censorship and spread protest messages, China is restricting the use of these services and expanding its censorship mechanisms.

In October 2022, protesters in China used AirDrop to send content to one another, bypassing censorship and internet restrictions during anti-government protests. This led to Apple's move: a few weeks later, Apple limited AirDrop's use on Chinese devices.

The Cyberspace Administration of China is proposing to force "close-range mesh network services" to keep logs regarding what is deemed harmful and illegal information, and to report such files to the authorities if they become aware of them. 

The Cyberspace Administration of China published a draft proposal on cybercrime earlier this week. This was in response to a request from a body headed by leader Xi Jinping. 

The regulation describes itself as a means of maintaining national security and protecting public interests by regulating technologies such as Bluetooth and Wi-Fi that enable close-range wireless communication.

Essentially, the proposed rules are designed to prevent harmful and illegal content from being distributed over these services. Providers would have to save relevant records and report such content to regulators once it has been discovered.

It would also be mandatory for service providers to provide data and technical assistance to those authorities who conduct inspections, including the Internet regulators and the police. This would ensure their compliance. Along with registering their real names, users must also enter their email addresses. 

Furthermore, before features or technologies that mobilize public opinion can be introduced to the market, security assessments must be carried out to determine their suitability. 

A few protesters in China escaped Apple's surveillance by using AirDrop to avoid being observed after the Chinese government became aware that Apple was using it. The use of this technology enabled them to broadcast messages which criticized the regime, and they were made available to the public. There was also the benefit of being able to share files anonymously over the network in China thanks to this method.

Following government complaints, Apple has limited its iPhone models to China. There was a need for users to have the ability to only receive files from people who were not registered as contacts for over 10 minutes.   

The iPhone has led to Apple owning about half of the market for mobile devices in China, while Apple owns about one-fifth of the market for mobile devices in Hong Kong. There have been widespread protests against the government in Hong Kong in the past few years, which is a former British colony.  

In such networks, people are strongly advised not to publish or share harmful or illegal information. They are also advised to report violations of this rule to the regulator. Creating or supporting such a network is an important step forward in ensuring the privacy of users who register for their services. 

It is also imperative to run security assessments before introducing any features or technologies that can potentially mobilize public opinion in any way. This is to determine whether or not they are suitable for market implementation. 

As soon as the Chinese government learned that Apple was utilizing AirDrop to avoid being observed, a few protesters in China managed to escape Apple's surveillance system by using AirDrop to avoid being monitored. They are making use of this technology to broadcast messages that criticize the regime, which is open to the public, and enable them to express their dissatisfaction with the regime. Using this method of sharing files anonymously over the network in China also had the benefit of enabling users to share files without fear of being exposed to scrutiny.

The government has complained to Apple about its iPhone models, so the company has decided to limit them in China. Users needed to be able to request files from people who were not registered as contacts within a specific period of up to 10 minutes. This was for ten days. 

With the iPhone, Apple has gained a significant portion of the market for mobile devices in China. Apple also holds a substantial portion of the market for mobile devices in Hong Kong, where it owns about one-fifth of the market. Over the past few years, Hong Kong, a former British colony that has been part of the Mainland since 1997, has seen widespread protests against the government.

It is highly recommended in such a network that you avoid publishing or sharing information in a manner perceived as harmful or illegal. You should report it to the regulator if you encounter someone violating this rule. This is a significant step forward in ensuring the privacy of users who sign up for a company's services. This is done by creating or supporting a network like this. 

China has taken proactive measures to protect itself from potential cyber threats associated with the use of AirDrop and Bluetooth to share files to improve its cyber defenses. The nation is tightening controls and regulations surrounding these technologies to safeguard critical data and ensure the protection of the nation's information infrastructure.

China is showing its commitment to safeguarding the flow of information within its borders by taking such measures as well as strengthening its cyber defense capabilities as well as protecting national interests as a consequence of taking these actions. It reminds us that strengthening the cybersecurity of the nation is a global challenge that is a constant occurrence.

Ways Automobile Companies Collect Customer Data

Automobiles collect data on a variety of aspects, including your identity, travel history, driving style, and more. The utilization of this information, according to automakers, will improve driving efficiency and driver and vehicle safety. However, without rules or regulations regulating consumer privacy in cars and what automakers do with your data, users are left to conjecture.

Rent-a-car firms may undoubtedly take advantage of every chance to increase their revenue and have better control over their fleet. Technology for surveillance is already in use. They can easily track their customers as a result. This function was first created to avoid high insurance costs, reduce the likelihood of automobiles being stolen, and add new levies.  

Companies that rent cars can keep records of the whereabouts and activities of their customers. They can quickly pick up on the client's behavior. Leading businesses have disclosed the installation of cameras and microphones in their vehicles. Customers can feel assured since they don't turn them on arbitrarily.

How Automakers Gather User Data:
  • Camera: Dashboard and reverse cameras can record an accident for insurance officials to view. However, in addition to providing date, time, and road position information, they can also show the route taken by the vehicle.
  • Key fob: The VIN, the total number of keys that have been associated with a certain vehicle, and the most recent times the car was locked and unlocked are some of the data that are recorded in a fob.
  • Informational system: It was previously possible to listen to music while driving on a simple cassette or CD player. But over time, Bluetooth, wifi, and USB gadgets that can be controlled by touch screens or dashboard displays replaced these systems.
  • Black boxes: They are gadgets that track a driver's performance while operating a car. A driver's premium can be reduced if the black box data shows they are performing effectively while driving.

Tracking devices aid in preventing thefts, recovering vehicles that have already been taken, and saving people in an accident. However, since all of this data is transmitted over an Internet connection, it is susceptible to interception. Additionally, the servers on which this data is housed are vulnerable to hacking. You continue to be in the dark regarding the collection and sharing of your personal data by automakers. It can be challenging, but in the future, one might have to find a workable solution to this dilemma. Always examine the security of your data, and from the outset, become familiar with the potential of the vehicles you rent or purchase.

Hardware Bugs Provide Bluetooth Chipsets Unique Traceable Fingerprints

 

A recent study from the University of California, San Diego, has proven for the first time that Bluetooth signals may be fingerprinted to track devices (and therefore, individuals). At its root, the identification is based on flaws in the Bluetooth chipset hardware established during the manufacturing process, leading to a "unique physical-layer fingerprint."

In a new paper titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices," the researchers said, "To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals."

The attack is made feasible by the pervasiveness of Bluetooth Low Energy (BLE) beacons, which are constantly transmitted by current smartphones to allow critical tasks such as contact tracing during public health situations.

The hardware flaws come from the fact that both Wi-Fi and BLE components are frequently incorporated into a specialised "combo chip," effectively subjecting Bluetooth to the same set of metrics that may be utilized to uniquely fingerprint Wi-Fi devices: carrier frequency offset and IQ imbalance. 

Fingerprinting and monitoring a device, therefore, includes calculating the Mahalanobis distance for each packet to ascertain how similar the characteristics of the new packet are to its previously registered hardware defect fingerprint. 

"Also, since BLE devices have temporarily stable identifiers in their packets [i.e., MAC address], we can identify a device based on the average over multiple packets, increasing identification accuracy," the researchers stated. 

However, carrying out such an attack in an adversarial situation faces numerous obstacles, the most significant of which is that the ability to uniquely identify a device depends on the BLE chipset employed as well as the chipsets of other devices in close physical proximity to the target. Other key factors that may influence the readings include device temperature, variations in BLE transmit power between iPhone and Android devices, and the quality of the sniffer radio used by the malicious actor to carry out the fingerprinting attacks.

The researchers concluded, "By evaluating the practicality of this attack in the field, particularly in busy settings such as coffee shops, we found that certain devices have unique fingerprints, and therefore are particularly vulnerable to tracking attacks, others have common fingerprints, they will often be misidentified. BLE does present a location tracking threat for mobile devices. However, an attacker's ability to track a particular target is essentially a matter of luck."
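
The matching step described in this post, as an added example that is not code from the researchers' paper: it scores per-packet features against enrolled fingerprints with the Mahalanobis distance, averages over packets sharing one MAC address, and shows a distinctive device matching uniquely while a device with a common fingerprint matches two enrolments. The feature values, units, noise levels, threshold and all function names are constructed assumptions.

```python
import math
import random
from statistics import mean

# Constructed per-device hardware imperfections: (CFO in kHz, IQ imbalance).
# Values and units are assumptions for illustration, not measurements.
DEVICES = {"A": (12.0, 0.30), "B": (-3.0, 0.05), "C": (-3.2, 0.06)}
NOISE = (0.5, 0.02)  # assumed per-packet measurement noise (std dev)


def simulate(rng, device, n):
    """Draw n constructed (cfo, iq) packet features for one device."""
    mu = DEVICES[device]
    return [(rng.gauss(mu[0], NOISE[0]), rng.gauss(mu[1], NOISE[1]))
            for _ in range(n)]


def fit_fingerprint(packets):
    """Enrol a device: mean vector and inverse 2x2 sample covariance."""
    if len(packets) < 3:
        raise ValueError("need at least 3 packets to estimate a covariance")
    mu = (mean(p[0] for p in packets), mean(p[1] for p in packets))
    n = len(packets) - 1
    sxx = sum((x - mu[0]) ** 2 for x, _ in packets) / n
    syy = sum((y - mu[1]) ** 2 for _, y in packets) / n
    sxy = sum((x - mu[0]) * (y - mu[1]) for x, y in packets) / n
    det = sxx * syy - sxy * sxy
    if det <= 0:
        raise ValueError("degenerate covariance; samples do not vary enough")
    inv = ((syy / det, -sxy / det), (-sxy / det, sxx / det))
    return mu, inv


def mahalanobis(packet, fingerprint):
    """Distance of one packet's features from an enrolled fingerprint."""
    mu, inv = fingerprint
    dx, dy = packet[0] - mu[0], packet[1] - mu[1]
    q = (dx * (inv[0][0] * dx + inv[0][1] * dy)
         + dy * (inv[1][0] * dx + inv[1][1] * dy))
    return math.sqrt(q)


def mean_distance(packets, fingerprint):
    """Average over packets that share one temporarily stable MAC address."""
    return mean(mahalanobis(p, fingerprint) for p in packets)


def matches(packets, enrolled, threshold=3.0):
    """Names of every enrolled fingerprint the packet group is close to."""
    return sorted(name for name, fp in enrolled.items()
                  if mean_distance(packets, fp) < threshold)


def run_demo(seed=7):
    rng = random.Random(seed)
    enrolled = {d: fit_fingerprint(simulate(rng, d, 200)) for d in DEVICES}
    return {
        # A sits far from the others in feature space: one match.
        "distinctive": matches(simulate(rng, "A", 50), enrolled),
        # C is within measurement noise of B: the match is ambiguous.
        "common": matches(simulate(rng, "C", 50), enrolled),
    }


if __name__ == "__main__":
    print(run_demo())
```
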

ESET: Criminals will be Able to Steal Personal Data Using Smartwatches

 

ESET analysts reported that cybercriminals can use smartwatches to steal personal data and warned Russians about the main dangers associated with this gadget. 

"According to our estimates, the market for smartwatches and fitness trackers will grow by 12.5 percent annually and will exceed $118 billion by 2028. Such indicators cannot but attract scammers. Therefore, it is worth understanding in advance the security and privacy risks associated with this," the ESET study says. 

The threat of data interception is due to the fact that many smartwatches and fitness trackers are synchronized with the owners' smartphones, including some applications such as e-mail or messengers. Thus, attackers can hijack both devices, which threatens, in particular, the loss of passwords. ESET further warns that the stolen personal data can then be sold on the darknet. 

Another serious risk for a cybercriminal's victim is tracking the GeoPosition of the device. Such data allows hackers to draw up a detailed diagram of the user's movements in order to attack his home or car. "The safety of children's smartwatches, which can be monitored by outsiders, is even more worrying," ESET states. Speaking about the specific vulnerabilities of smart fitness trackers, cyber specialists pay attention to Bluetooth technology, in which "numerous vulnerabilities have been discovered over the years," weak software of gadgets and paired smartphone applications that may contain coding errors. 

According to ESET analysts, risks can be reduced by using two-factor authentication and a strong password to lock the screen; a ban on external connections to smartwatches will also help prevent threats.

Data can be leaked both via the Internet and via Bluetooth: critical Bluetooth vulnerabilities allow executing arbitrary malicious code on the device and gaining full control over the device's system, as well as carrying out a man-in-the-middle (MitM) attack, which leads to the unauthorized interception of user data.

BrakTooth Vulnerability Puts Bluetooth Users At Risk, Flaws Left Unpatched

 

White hat hackers revealed a set of vulnerabilities named BrakTooth, which affects commercial Bluetooth gadgets, raising suspicions about vendors' intent to fix the flaws. The Automated Systems Security (ASSET) Research Group at Singapore University of Technology and Design said that they released BrakTooth, "a family of 16 new security vulnerabilities (20+ CVEs) in commercial Bluetooth Classic (BR/EDR) stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE)."

"The team has shown off arbitrary code execution on an ESP32 microcontroller, commonly found in Internet of Things (IoT) devices which are rarely if ever updated by their manufacturers, denial of service attacks against laptops and smartphones with the Intel AX200 and Qualcomm WCN3390 chips, and the ability to freeze or shut down headphones and other Bluetooth audio devices," said the Register. It said BrakTooth affects major SoC (System on Chip) vendors like Qualcomm, Intel, Texas Instruments, Silicon Labs, Infineon and others.

BrakTooth represents around 1400 commercial products including Microsoft Surface Pro 7, Surface Laptop 3, Surface Book 3, and Surface Go 2, and Volvo FH infotainment systems which threaten to leak "fundamental attack vectors in the closed BT [Bluetooth] stack." 

This is not the first time that the group has made such claims; ASSET was also behind the SweynTooth vulnerabilities in 2020. Vendors have been informed about the sixteen vulnerabilities; however, the feedback received varies.

"Espressif, whose popular ESP32 microcontroller family was affected, was one of the first to release a patch closing the holes, along with Bluetrum Technology and Infineon. Intel, Actions, and Zhuhai Jieli Technology have confirmed they are either investigating the flaws or actively developing patches. Harman International and SiLabs, by contrast, 'hardly communicated with the team,' the researchers claimed, 'and the status of their investigation is unclear at best,'" reports the Register.

Qualcomm and Texas Instruments fared worse: the latter said that it won't release patches until customers demand them, and the former is patching only a few parts even though unpatched chips appear in brand-new products being released across the world.

Safeguard Your Smartphones From Radio-based Attacks

 

Smartphones, unlike PCs, involve a range of radios – generally cellular, Wi-Fi, Bluetooth, and Near Field Communication (NFC) – that permit wireless communication in a variety of situations, and these radios are made to remain turned on while the user moves around the world. All smartphone users should be aware of the security implications of these wireless connections. 

Security flaws in these interfaces are a matter of concern, whether built into the protocol or discovered in a particular implementation. They can enable attackers to force connections to untrusted equipment, allowing them to extract data and even gain access to the target device. According to reports, RF-based tactics are used by sophisticated nation-state actors such as Russia and China, which allegedly target people traveling through airports and other chokepoints. However, the tools for RF hacking are available to garden-variety hackers as well.

Ways attackers engage in RF hacking: 

The IMSI catcher, also known as a cell-site simulator, false cell tower, rogue base station, StingRay, or dirtbox in cellular communications, is the biggest concern. An IMSI catcher is a piece of equipment that acts like a genuine cell tower, allowing a targeted smartphone to connect to it rather than the actual mobile network. It may be done using a variety of ways, such as impersonating a neighboring cell tower or using white noise to jam the competing 5G/4G/3G frequencies. 

The IMSI catcher places itself between the targeted smartphone and its cellular network after capturing the IMSI of the targeted smartphone (the ID number connected to its SIM card). The IMSI catcher is then used to track the user's position, collect data from the phone, and, in some circumstances, even install spyware on the device.

Unfortunately, there's no guaranteed method for the ordinary smartphone user to see or know they're connecting to a fraudulent cell tower, but there may be some hints: a notably slower connection or a change in a band in the phone's status bar. 

5G in standalone mode promises to make IMSI catchers obsolete, since the Subscription Permanent Identifier (SUPI) – 5G's IMSI equivalent – is never exposed in the handshake between smartphone and cell tower. However, because these deployments account for a small percentage of all cellular networks, IMSI catchers will continue to be successful in the vast majority of situations in the near future.

A Karma attack performed via a rogue access point is a critical danger to be mindful of on the Wi-Fi front. A rogue access point is often a Wi-Fi penetration testing device – the Wi-Fi Pineapple is one popular model – that is set up to attract unsuspecting users rather than auditing Wi-Fi networks. 

In a Karma attack, the rogue AP abuses a basic feature of smartphones and all Wi-Fi-enabled devices. When a smartphone's Wi-Fi is turned on but not connected to a network, the smartphone broadcasts a preferred network list (PNL), which includes the SSIDs (Wi-Fi network names) of access points to which the device previously connected and is willing to reconnect to automatically without user intervention.

The rogue AP provides itself an SSID from the PNL after getting this list, fooling the smartphone into thinking it's connected to a known Wi-Fi network. An intruder can spy on network traffic to acquire sensitive data after the targeted smartphone connects. This sort of attack is difficult to detect without continually monitoring the Wi-Fi indicator in the status bar. 

Bluetooth exploits: Instead of relying on constraints inherent in the protocol's standard operating procedures, attackers use particular weaknesses inside the protocol or its implementation to carry out an attack. Bluetooth is a very lengthy and complicated standard, which means there are more possibilities for flaws to arise in the protocol's code as well as for developers to make mistakes in their implementations. 

BlueBorne is a strong example of the damage that a Bluetooth-based assault may do. The BlueBorne vulnerabilities, first disclosed in 2017 and mainly fixed since then, are an attack vector that allows attackers to gain total control of a target device without having to pair with it or even having the device in discoverable mode. Bluetooth has enhanced privileges on nearly all operating systems, with components ranging from the hardware level to the application level, allowing for such control. 

Lastly, NFC is a technology that allows for payment between a smartphone and a retailer's terminal. Due to its limited range (approximately a mile), and fewer use cases, NFC attacks are possible. A malicious NFC tag on an Android device, for example, might immediately launch a malicious site in the user's browser if the device is unlocked. Weaponizing a malicious tag on iOS demands some social engineering, as a popup notifies the user that the tag wants to open a certain app; for example, in a transit station, the tag may request that the user open the most recent train timetable in their browser. 

Techniques to minimize risks: 

Although radio-based assaults on smartphones are frequently undetectable to the user and fall beyond the realm of most mobile security solutions, there are a few steps a user can take to protect their smartphone and data. 

Turning off radios (especially Wi-Fi and Bluetooth) while not in use or when in public is the most effective. If the smartphone permits it, disable 2G functionality to reduce the danger of IMSI catchers. Turn off auto-join for hotspots on Wi-Fi. Install security updates for Bluetooth as soon as they become available to ensure that any known Bluetooth flaws are addressed. 

Users who often pass through chokepoints or known hostile regions should consider investing in a high-end Faraday case to protect against RF attacks (Faraday bags are generally inadequate against strong signals). The radios in smartphones are a crucial part of why these gadgets are so popular. With a little knowledge and active resistance against their misuse, people can avoid being easy targets.