Collaborate Disseminate
Following last year’s disclosure of the BlueBorne vulnerability security experts note that about 2 billion Bluetooth devices are still affected by it. BlueBorne is a collection of bugs that allow the hackers to intrude into them. Many of these de… Continue reading 2 Billion Bluetooth Devices Still Affected by the Blueborne Vulnerability
Whether or not you personally like the concept of the AirPod Bluetooth headphones is irrelevant, as an Apple product one thing is certain: all the cool kids want them. That also means that plenty of overseas manufacturers are pumping out janky clones for a fraction of the price for those who are more about the Apple look than the Apple price tag. Are they any good? No, of course not. But that doesn’t mean you can’t do something interesting with them.
[Igor Kromin] took apart a pair of fake AirPods and was predictably underwhelmed. So much so that he didn’t …read more
Continue reading Knock-Off AirPods Merged into Bluetooth Receiver
Google has now released their “Titan” keys to the general store (albeit via a waitlist). When they first announced their product, Yubico, their chief competitor, decried the use of Bluetooth:
Google’s offering includes a … Continue reading What could MitM’ed U2F do?
I guess some of you might have read about bltejack, a tool to hijack bluetooth connections that was introduced on the latest Blackhat conference.
Here’s a link to the project description and download: https://pypi.org/proje… Continue reading Bltejack without Micro:Bit [on hold]
Successfully connecting things without physical wires has a profound effect on the maker brain. Machines talking to each other without any cables is as amazing today as it was a decade ago. When Bluetooth came out, it was a breakthrough since it offered a wireless way to connect cellphones to a PC. But Bluetooth is a complicated, high-bandwidth power hog, and it didn’t make sense for battery-powered devices with less demanding throughput requirements to pay the energy price. Enter Bluetooth LE (BLE), with power requirements modest enough to enable a multitude of applications including low power sensor nodes and beacons. …read more
Continue reading Beginning BLE Experiments And Making Everything Better
Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and GhostPack. Full Show Notes Subscribe to YouTube Channel
The post Bluetoo… Continue reading Bluetooth Bug, Tenable, and Cosco – Paul’s Security Weekly #569
You shouldn’t transmit encryption keys over Bluetooth, but that’s exactly what some popular wireless-enabled microcontrollers are already doing. This is the idea behind Screaming Channels, an exploit published by researchers at EUERCOM, and will be a talk at Black Hat next week. So far, the researchers have investigated side-channel attacks on Bluetooth-enabled microcontrollers, allowing them to extract tinyAES keys from up to 10 meters away in controlled environments. A PDF of the paper is available and all the relevant code is available on GitHub.
The experimental setup for this exploit consisted of a BLE Nano, a breakout board for a …read more
Continue reading Side Channel Attacks Against Mixed Signal Microcontrollers
This is the Shared Security Weekly Blaze for July 30th, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom… Continue reading The Shared Security Weekly Blaze – Bluetooth Vulnerabilities, Malicious Apps Removed from Twitter, Gmail Confidential Mode
I am looking at getting the most secure connection between two BLE devices without an I/O capabilities but I am slightly confused by what is going on.
So without I/O capabilities the highest security I can use is Security mode 1 and Secur… Continue reading BLE 4.2 LE Secure Connection
There are a multitude of radio shields for the Arduino and similar platforms, but they so often only support one protocol, manufacturer, or frequency band. [Jan Gromeš] was vexed by this in a project he saw, so decided to create a shield capable of supporting multiple different types. And because more is so often better, he also gave it space for not one, but two different radio modules. He calls the resulting Swiss Army Knife of Arduino radio shields the Kite, and he’s shared everything needed for one on a hackaday.io page and a GitHub repository.
Supported so …read more
Continue reading Why Have Only One Radio, When You Can Have Two?