Vulnerabilities found in Bluetooth Low Energy give hackers access to numerous devices

A critical flaw found in Bluetooth Low Energy (BLE) receivers may grant cybercriminals entry to anything from personal devices, such as phones or laptops, to cars and houses. New findings from cybersecurity company NCC Group detail how BLE uses proximity to authenticate that the user is near the device. As part of the research, that proximity was successfully faked, which could affect everyone from the average consumer to organizations seeking to lock the doors to their premises.

The issue is believed to be neither something that can be easily patched nor simply an error in the Bluetooth specification. This exploit could affect millions of people, as BLE-based proximity authentication was not originally designed for use in critical systems such as locking mechanisms in smart locks, according to the NCC Group.

“What makes this powerful is not only that we can convince a Bluetooth device that we are near it—even from hundreds of miles away—but that we can do it even when the vendor has taken defensive mitigations like encryption and latency bounding to theoretically protect these communications from attackers at a distance,” said Sultan Qasim Khan, Principal Security Consultant and Researcher at NCC Group. “All it takes is 10 seconds—and these exploits can be repeated endlessly.”

How the Bluetooth exploit could already be affecting you

To start, the cybersecurity company points out that any product relying on a trusted BLE connection is vulnerable to attacks from anywhere in the world at any given time.

To quote NCC Group’s findings, “by forwarding data from the baseband at the link layer, the hack gets past known relay attack protections, including encrypted BLE communications, because it circumvents upper layers of the Bluetooth stack and the need to decrypt.”

According to the cybersecurity company, Bluetooth proximity authentication mechanisms are used to lock items such as vehicles and residences, and they can be easily broken with cheap off-the-shelf hardware. As a proof of concept, Khan found that a link-layer relay attack conclusively defeats existing applications of BLE-based proximity authentication. This was found to affect the following devices:

  • Cars with automotive keyless entry
  • Laptops with Bluetooth proximity unlock feature
  • Mobile phones
  • Residential smart locks
  • Building access control systems
  • Asset and medical patient tracking

Vehicles known to be affected by this exploit include the Tesla Model 3 and Model Y.

“This research circumvents typical countermeasures against remote adversarial vehicle unlocking, and changes the way engineers and consumers alike need to think about the security of Bluetooth Low Energy communications,” Khan added. “It’s not a good idea to trade security for convenience—we need better safeguards against such attacks.”

Ways to protect your assets against this flaw

To help users avoid falling victim to BLE's shortcomings, NCC Group offers the following three tips:

  1. Manufacturers can reduce risk by disabling proximity key functionality when the user’s phone or the key fob has been stationary for a while (based on the accelerometer).
  2. System makers should give customers the option of providing a second factor for authentication, or user presence attestation (e.g., tap an unlock button in an app on the phone).
  3. Users of affected products should disable passive unlock functionality that does not require explicit user approval, or disable Bluetooth on mobile devices when it’s not needed.
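
One way tips 1 and 2 could be combined in the unlock policy of a phone app or key fob, shown as an added example that is not code from NCC Group or any vendor. The function names, thresholds and accelerometer traces are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import sqrt

# All names and thresholds below are assumptions for illustration.
GRAVITY = 9.81             # m/s^2, magnitude read by a device at rest
MOTION_DELTA = 0.6         # m/s^2 deviation from 1 g treated as movement
STATIONARY_LIMIT_S = 120   # "stationary for a while" before passive unlock is disabled
MAX_SENSOR_AGE_S = 5       # newest sample must be this fresh, else fail closed

@dataclass(frozen=True)
class AccelSample:
    t: float   # seconds on the device's monotonic clock
    x: float
    y: float
    z: float

def last_motion_time(samples):
    """Timestamp of the latest sample showing movement, or None if there is none."""
    last = None
    for s in samples:
        magnitude = sqrt(s.x ** 2 + s.y ** 2 + s.z ** 2)
        if abs(magnitude - GRAVITY) > MOTION_DELTA and (last is None or s.t > last):
            last = s.t
    return last

def unlock_decision(samples, now, user_tapped_unlock=False):
    """Answer a proximity-unlock request: 'allow' or 'require_user_approval'."""
    if user_tapped_unlock:
        return "allow"                       # explicit user presence (tip 2)
    usable = [s for s in samples if s.t <= now]   # drop samples stamped in the future
    if not usable or now - max(s.t for s in usable) > MAX_SENSOR_AGE_S:
        return "require_user_approval"       # no fresh sensor data: fail closed
    moved = last_motion_time(usable)
    if moved is None or now - moved > STATIONARY_LIMIT_S:
        return "require_user_approval"       # device at rest too long (tip 1)
    return "allow"

# Constructed traces, one sample per second.
# Phone lying on a nightstand for ten minutes: magnitude stays at 1 g.
NIGHTSTAND = [AccelSample(float(t), 0.0, 0.0, 9.81) for t in range(600)]
# Phone in a pocket while the owner walks: magnitude swings around 1 g.
WALKING = [AccelSample(float(t), 1.5 if t % 2 else -1.5, 0.4,
                       9.81 + (2.0 if t % 2 else -2.0)) for t in range(600)]
```

Motion gating only narrows the window in which a passive unlock request is honoured; while the device is moving, explicit approval (tip 2) remains the control that requires the user's presence.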

Since the bug can be exploited from anywhere, it is crucial that users find out which of their devices use BLE technology and disable it or at least restrict passive unlocking. For manufacturers and system makers, it could be crucial to rethink which technologies are used to unlock devices and potentially stop producing items with BLE technology, since it can be easily exploited.
