Cyber security news for all

More

    Numerous Apple devices are attacked from a short distance via Bluetooth

    The new security notice, which draws attention to a new vulnerability in the Bluetooth interface is actually only given a medium risk level. However, it does not appear to be quite as harmless. For affected devices, experts recommend that you no longer use the Bluetooth function until a security update closes the vulnerability. An attacker can apparently connect to the connection between the paired devices.

    Not only Apple devices are affected, but also other users of Intel and Samsung too. In addition to notebooks and Android smartphones, routers are also among the affected devices. The security vulnerability is also known as BIAS (Bluetooth Impersonation Attacks).

    Attackers Gain Access To Additional Bluetooth Functions

    Protection is supposed to offer a secure authentication procedure, but according to security researchers it is possible for an attacker to use the pairing process for attacks. Both the configuration methods Bluetooth Low Energy and Basic Rate Core Configuration are affected. Both types of configuration can be attacked. With the latter, the attacker is given the opportunity to gain access to additional Bluetooth functions. However, these are only available after confirmation by the user. Obviously, the danger posed by the security vulnerability is only limited. The range of Bluetooth is also quite limited, which makes attacks more difficult. Apple should close the vulnerability as soon as possible.

    The security researchers of PDF say that the attack pattern looks like this: The attacker pretends to have a trustworthy device and also claims to support one sided authentication. A request is then sent that the attacker device wants to switch roles to take control of the authentication process. Now comes the security flaw: The device under attack agrees to this and the attacker gains control. Fortunately, the vulnerability was discovered and the Bluetooth Special Interest Group was informed as early as possible. This allowed the standard to be adjusted and the manufacturers to be informed in order to develop patches.

    Recent Articles

    Personnel were asked to removed 89 apps which includes Instagram, Facebook, and others by the Indian Army

    Personnel are told by the Indian Army to delete 89 apps from their phones from July 15. This is in a bid to avoid...

    The warning sent to employees about Tiktok app was a mistake says Amazon

    On Friday morning, Amazon sent out a memo to its employees, asking them to uninstall the popular social media app TikTok off their phone....

    Other Android phones sold in the US contains pre-installed malware

    There’s a discovery of Pre-installed malware on another phone by researchers from Malwarebytes; through the lifeline Assistance program for sale in the United States....

    About 15 billion stolen passwords and usernames sold on the dark web.

    A recent finding has shown that about 15 billion passwords and usernames are distributed on the dark web. This compromise will bring about credential...

    Hundreds of multinational companies aimed by Russian BEC Gang

    According to the security firm Agari, there has been a discovery of a newly uncovered Russia-based business email compromise gang; BEC gang that scams...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox