Bluebugging: A Cyberattack that Abuses Bluetooth Connectivity and Steals User data

What is blue bugging?

Bluebugging is a form of hacking in which attackers break into a user's device through its discoverable Bluetooth connection. Devices compromised in this way are said to be bluebugged. Once a device is bluebugged, the attacker can access contact information, tap calls, view and send messages, and more.

Bluebugging was first used to compromise laptops and computers with Bluetooth connectivity; hackers later applied the method to mobile phones and other devices. Martin Herfurt, an independent security researcher, claimed that by abusing a flaw in the Bluetooth protocol it was possible to obtain the user's call log and call history.

Devices with Bluetooth connectivity are more vulnerable to Bluebugging

Any device with Bluetooth functions can be bluebugged. Threat actors use wireless earphones to execute this technique: hackers can record users' conversations via apps that connect to TWS (True Wireless Stereo) earphones or other devices. Once the device is bluebugged, the hacker has access to your contacts and can modify or take them over, perform and record chats, view and send messages, and much more.

How does Bluebugging work?

Hackers use the Bluetooth connection itself to break into Bluetooth-enabled devices. If a device's Bluetooth is set to discoverable, the hacker attempts to pair with it. Note that most devices with Bluetooth stay discoverable by default.

How does Bluebugging execute?

Once a connection has been established, threat actors use brute force to escape detection. The hackers then deploy malware on the bluebugged device to gain unauthorised entry into it. The attack can be performed if a Bluetooth-enabled device is within a 10-meter range of the hacker.

"You can save your device from Bluebugging by first disabling Bluetooth to stop anyone from finding your Bluetooth devices. This will prevent hackers from pairing with your device. Then you should remove paired Bluetooth devices if they are not being used. One more thing you can do is update the system software on the device, limit the usage of open WiFi, and use a VPN as an additional layer of security," reports Kalinga TV.

Critical Bug Identified in Fisher Price Chatter Bluetooth Telephone

Cybersecurity researchers at PenTest Partners have uncovered a severe privacy bug in a Fisher Price Chatter Bluetooth phone that allows spying on users. 

Fisher-Price is a popular kids' toy brand owned by the Barbie giant Mattel Inc., but the 2021 version of the phone was designed for adults: it connects to a smartphone and can be used as a speakerphone or to make calls.

The phone is the Fisher Price Chatter Special Edition called “60G LTE” – which stands for “60 great years, Let’s Talk Everywhere” and an infomercial for the handset opens with “The past has finally arrived” before mocking mobile phone ads quite nicely.

The device uses Bluetooth Classic and fails to implement a secure pairing process, which means it accepts a pairing request from any device, after which the attacker can listen to whatever is said within range of the Chatter's microphone. Experts also discovered that if the handset is left off the hook, the phone will auto-answer any call to a connected smartphone.

“When powered on, it just connects to any Bluetooth device in range that requests to pair,” researchers explained in a blog post. “Someone nearby (next door house, next apartment, street outside) can connect their own Bluetooth audio device (smartphone/laptop, etc.) and use it to bug their neighbors.”

PenTest Partners reported the vulnerabilities to Mattel to explain why Chatter’s security is so fragile and recommended the firm improve the pairing process or turn it off as the easiest mitigation. The company replied that the device was an adult toy and not for use by children.

“During initial exchanges, Mattel indicated that it was an adult toy and not for use by children. We find it hard to believe that children will not be given a phone to play with after the novelty wears off with the adult! Further, some of the audio bugging issues do not require the interaction of a child or adult,” concludes the post. 

The researchers suggested that adults examine the phone thoroughly to mitigate the threats: check the phone's list of paired Bluetooth devices for unknown connections, make sure the toy phone's handset stays in place, and power the phone off when it is not explicitly in use.

Billions of Wi-Fi and Bluetooth Devices Susceptible to Password and Data Theft Assaults

Cybersecurity researchers from Darmstadt University of Technology, together with colleagues from the Secure Mobile Networking Lab, University of Brescia and CNIT, have unearthed multiple security flaws in WiFi chips that can be abused to extract passwords and manipulate traffic on a WiFi chip via a Bluetooth feature. 

According to the research paper published by the experts, modern mobile devices contain a chip with separate components for Bluetooth, Wi-Fi, and LTE, each with its own dedicated security implementation. However, these components usually share resources such as the antenna or the wireless spectrum to make the device more efficient, minimising energy consumption and communication latency.

The shared resources of wireless modules can be used by attackers as bridges to perform privilege escalation assaults across wireless chip boundaries, researchers explained.

“This paper demonstrates lateral privilege escalations from a Bluetooth chip to code execution on a Wi-Fi chip. The WiFi chip encrypts network traffic and holds the current WiFi credentials, thereby providing the attacker with further information,” reads the article released by cybersecurity experts. 
“Moreover, an attacker can execute code on a Wi-Fi chip even if it is not connected to a wireless network. In the opposite direction, we observe Bluetooth packet types from a Wi-Fi chip. This allows determining keystroke timings on Bluetooth keyboards, which can allow reconstructing texts entered on the keyboard.”

To test the vulnerabilities, researchers performed practical coexistence assaults on Broadcom, Cypress, and Silicon Labs chips deployed in billions of devices. The demonstration allowed researchers to achieve WiFi code execution, memory readout, and denial of service. 

In total, the researchers identified nine flaws. Some can be patched with firmware updates, while others can only be fixed with new hardware revisions, which leaves billions of existing devices at risk of attack. Attackers can achieve code execution by exploiting an unpatched or new security issue over the air, or by abusing the local OS firmware update mechanism.

“Some issues can only be patched by releasing a new hardware revision. For example, a new firmware version will not physically remove shared memory from a chip or adjust for arbitrary jitter in a serial protocol. Moreover, some packet timing and metadata cannot be removed without negatively impacting packet coordination performance,” researchers added.

All nine flaws are tracked under the following identifiers:

CVE-2020-10368: WiFi unencrypted data leak (architecture)
CVE-2020-10367: Wi-Fi code execution (architecture)
CVE-2019-15063: Wi-Fi denial of service (protocol)
CVE-2020-10370: Bluetooth denial of service (protocol)
CVE-2020-10369: Bluetooth data leak (protocol)
CVE-2020-29531: WiFi denial of service (protocol)
CVE-2020-29533: WiFi data leak (protocol)
CVE-2020-29532: Bluetooth denial of service (protocol)
CVE-2020-29530: Bluetooth data leak (protocol)

The researchers have reported their findings to the chip vendors, and some of them have already patched the security loopholes. However, many have not fixed these bugs, either because fixes are no longer compatible with the affected products or because a firmware fix is not workable.

A New Security Vulnerability Discovered in Bluetooth technology

Two teams of security researchers have discovered a new vulnerability in Bluetooth technology that has been confirmed by the Bluetooth Special Interest Group (SIG), the body responsible for the Bluetooth standard. The flaw could potentially allow a hacker to take complete control of a user’s Bluetooth-enabled device without authorization.

Bluetooth is a short-range, low-powered, high-speed open wireless technology used by Internet of Things (IoT) devices to transmit data between fixed and mobile electronic devices. Bluetooth replaces the cables that people conventionally used to connect devices, with the added purpose of keeping the communications secure. However, along with convenience and productivity, Bluetooth also presents major security threats.

Devices using Bluetooth standards 4.0 through 5.0 are vulnerable to a flaw called ‘BLURtooth’ in Cross-Transport Key Derivation (CTKD): it allows an attacker to manipulate the CTKD component and overwrite authentication keys on the victim’s device. The Bluetooth 5.1 standard, released by the Bluetooth SIG in January 2019, contains features that protect against BLURtooth attacks.

Earlier this year, in May, academics from Italy and Germany identified another new type of attack, ‘Spectra’, which was reported to break the separation between Wi-Fi and Bluetooth running on the same device. The attack works against "combo chips" and relies on the fact that their transmissions happen in the same spectrum.

In a blog post published on its website, the Bluetooth SIG explained that for a CTKD attack to be successful, “an attacking device would need to be within wireless range of a vulnerable Bluetooth device supporting both BR/EDR and LE transports that supports CTKD between the transports and permits pairing on either the BR/EDR or LE transport either with no authentication (e.g. JustWorks) or no user-controlled access restrictions on the availability of pairing. If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur. This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.”

“The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers,” the blog further read.
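The SIG's description above boils down to one rule a bond store must enforce: a key derived through CTKD from an unauthenticated pairing must never replace a stronger key already held for the same peer. The following simplified model is an added example, not code from the Bluetooth SIG or any stack; Strength, Key, BondStore and the scenario function are assumed names, and the vulnerable store is the one that skips the check.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Optional, Tuple


class Strength(IntEnum):
    # Ordering used to decide whether a new key may replace a stored one.
    UNAUTHENTICATED = 1   # e.g. Just Works pairing: no MITM protection
    AUTHENTICATED = 2     # numeric comparison / passkey: MITM-protected


@dataclass(frozen=True)
class Key:
    transport: str        # "BR/EDR" or "LE"
    strength: Strength
    via_ctkd: bool        # derived from the other transport's key, not paired directly


class BondStore:
    """Per-peer, per-transport key storage; allow_downgrade=True models BLURtooth."""

    def __init__(self, allow_downgrade: bool = False) -> None:
        self.allow_downgrade = allow_downgrade
        self._keys: Dict[Tuple[str, str], Key] = {}

    def store(self, peer: str, key: Key) -> bool:
        slot = (peer, key.transport)
        existing = self._keys.get(slot)
        # Anti-downgrade rule: a CTKD-derived key must not overwrite a stronger key.
        if (existing is not None and not self.allow_downgrade
                and key.via_ctkd and key.strength < existing.strength):
            return False
        self._keys[slot] = key
        return True

    def get(self, peer: str, transport: str) -> Optional[Key]:
        return self._keys.get((peer, transport))


def blurtooth_scenario(allow_downgrade: bool) -> bool:
    """Return True if the authenticated LE key survives an identity-spoofing peer
    that pairs over BR/EDR with Just Works and lets CTKD derive a new LE key."""
    store = BondStore(allow_downgrade)
    store.store("headset", Key("LE", Strength.AUTHENTICATED, via_ctkd=False))
    # Spoofed peer pairs on BR/EDR without authentication (constructed scenario).
    store.store("headset", Key("BR/EDR", Strength.UNAUTHENTICATED, via_ctkd=False))
    store.store("headset", Key("LE", Strength.UNAUTHENTICATED, via_ctkd=True))
    le_key = store.get("headset", "LE")
    return le_key is not None and le_key.strength == Strength.AUTHENTICATED
```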

Security flaw in Bluetooth-enabled devices

A group of security researchers at the Center for IT-Security, Privacy, and Accountability (CISPA) found a flaw that could affect billions of Bluetooth-enabled devices, which includes smartphones, laptops, smart IoT devices, and other devices.

The vulnerability is tracked as CVE-2019-9506 and was dubbed KNOB (Key Negotiation of Bluetooth) by the researchers.

According to the researchers, the flaw in Bluetooth’s authentication protocols enables hackers to compromise devices and spy on data transmitted between two devices. Notably, hackers could exploit this vulnerability even if the devices had been paired before.

According to KNOB’s official website, every standard-compliant Bluetooth device could be exploited. “We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack,” it reads.

Bluetooth SIG has issued a security notice regarding the vulnerability.

Conditions for a successful attack:

  • Both devices have to be vulnerable
  • Both devices have to be within range to establish a BR/EDR connection; if either device is not affected by the vulnerability, the attack won’t work
  • Direct transmissions between the devices while pairing have to be blocked
  • Existing connections won’t lead to a successful attack; it has to be done during negotiation or renegotiation of a paired device connection

Bluetooth SIG has started working on a remedy for the flaw.

New Vulnerability in Bluetooth Connections Allows Hackers to Spy on Private Conversations

Bluetooth is used worldwide as one of the most convenient methods of connecting and controlling the devices in range. However, according to a recent report, a vulnerability labeled as the KNOB (Key Negotiation of Bluetooth) attack has been found in Bluetooth connections.

All the Bluetooth compliant devices can be affected by the vulnerability, which allows attackers to spy on a victim's personal conversations. Hackers can also exploit the vulnerability to manipulate the data present on the compromised device.

How does the attack unfold?

While establishing a functional Bluetooth connection, both devices rely on a negotiated encryption key. To execute the attack, hackers therefore exploit the vulnerability in the Bluetooth standard to weaken this encryption rather than breaking it outright.

The attacker interposes while the devices are setting up the encryption key, manipulates both of them into agreeing on a new, much shorter key, and then breaks that short key by brute force.
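The negotiation described in this post and in the KNOB conditions listed earlier can be modelled to show why enforcing a minimum key size stops the attack. This is an added example, not the researchers' code; Device, negotiate and the on-path tamper hook are assumptions, the 1..16-byte range is the BR/EDR key-size range, and the 7-byte floor is the minimum the Bluetooth SIG later recommended.

```python
from dataclasses import dataclass
from typing import Callable, Optional

MAX_KEY_BYTES = 16             # BR/EDR negotiates an encryption key size of 1..16 bytes
RECOMMENDED_MIN_KEY_BYTES = 7  # floor that defeats the 1-byte downgrade


@dataclass
class Device:
    name: str
    max_key_bytes: int = MAX_KEY_BYTES
    min_key_bytes: int = 1     # vulnerable default: accepts any size >= 1

    def accept(self, proposed: int) -> Optional[int]:
        """Accept a proposed key size, or return None to abort the link."""
        if not 1 <= proposed <= MAX_KEY_BYTES:
            return None
        if proposed < self.min_key_bytes:
            return None        # hardened device refuses the weak key
        return min(proposed, self.max_key_bytes)


def negotiate(a: Device, b: Device,
              tamper: Optional[Callable[[int], int]] = None) -> Optional[int]:
    """A proposes a key size and B answers; 'tamper' models an on-path party
    rewriting both messages, which is what KNOB does to force a 1-byte key."""
    proposal = a.max_key_bytes
    if tamper:
        proposal = tamper(proposal)
    answer = b.accept(proposal)
    if answer is None:
        return None
    if tamper:
        answer = tamper(answer)
    return a.accept(answer)    # A applies its own floor before using the key


def brute_force_space(key_bytes: int) -> int:
    """Number of candidate keys an eavesdropper must try offline."""
    return 2 ** (8 * key_bytes)


def knob_downgrade(vulnerable: bool) -> Optional[int]:
    """Run the negotiation with an on-path party forcing 1-byte keys (constructed case)."""
    floor = 1 if vulnerable else RECOMMENDED_MIN_KEY_BYTES
    phone = Device("phone", min_key_bytes=floor)
    headset = Device("headset", min_key_bytes=floor)
    return negotiate(phone, headset, tamper=lambda _: 1)
```

With the default floor of 1 the pair settles on a 1-byte key, a search space of 256; with the 7-byte floor the link is simply refused.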

The vulnerability affects devices from some well-known manufacturers, namely Apple, Qualcomm, and Intel. Companies including Apple, Microsoft, Cisco, Google, Blackberry, Broadcom and Chicony have already issued patches to fix the flaw, as reported by Mashable.

The group of researchers from the Singapore University of Technology and Design, University of Oxford, and CISPA Helmholtz Center for Information Security, who found this critical vulnerability, explained, "We found and exploited a severe vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker is able to listen, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired."