You are reading the article Some Iphones, Ipads, Macs, Vulnerable To Short updated in October 2023 on the website Khongconthamnam.com.
The same security vulnerability is found in a wide range of chips from Intel, Qualcomm, and Samsung, meaning that a large number of non-Apple devices are also affected …
The vulnerability relies on impersonating a previously-paired device and is thus dubbed Bluetooth Impersonation AttackS (BIAS).
Worryingly, BIAS attacks can impersonate either a ‘slave’ or ‘master’ device, meaning that the target device can be asked to either send data or, as in the case of a Bluetooth keyboard, accept it.
The attack works against any device which uses the Bluetooth Classic protocol. This includes some relatively recent Apple devices, including:
iPhone 8 or older
2023 iPad or older
2023 MacBook Pro or older
It also works against many smartphones from Google, LG, Motorola, Nokia, and Samsung.
Attacks can be carried out using low-cost equipment, including a Raspberry Pi.
The Bluetooth standard provides authentication mechanisms based on a long term pairing key, which are designed to protect against impersonation attacks. The BIAS attacks from our new paper demonstrate that those mechanisms are broken, and that an attacker can exploit them to impersonate any Bluetooth master or slave device.
Our attacks are standard-compliant, and can be combined with other attacks, including the KNOB attack. In the paper, we also describe a low cost implementation of the attacks and our evaluation results on 30 unique Bluetooth devices using 28 unique Bluetooth chips.
We found and exploited a severe vulnerability in the Bluetooth BR/EDR specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker can impersonate a device towards the host after both have previously been successfully paired in absence of the attacker.
The details are rather technical and explained in a detailed paper. There is also a one-minute overview video.
But the essence is this. The attacker claims to be a previously-trusted device, and also claims to support only the lowest level of Bluetooth security: unilateral authentication. Your device agrees to be in charge of authenticating the remote device, but the attacker sends another request that it should be the one to take control of the authentication process (something known as role-switching). Due to a bug in the protocol, your device simply agrees to this. The attacker then sends the authentication OK, and your device trusts it.
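The flow described above can be modelled in a few lines to show why the host's trust decision must depend on the peer proving knowledge of the link key. This is an added example, not code from the paper or the article: HMAC-SHA256 stands in for the real Bluetooth response function, and `Peer`, `host_trusts` and `require_mutual` (a host that refuses to drop to unilateral authentication) are hypothetical names.

```python
import hashlib
import hmac
import os

def auth_response(link_key: bytes, challenge: bytes) -> bytes:
    # Stand-in for the Bluetooth response function (assumption: HMAC-SHA256).
    return hmac.new(link_key, challenge, hashlib.sha256).digest()

class Peer:
    """Remote device. link_key=None models a peer that only claims a paired identity."""
    def __init__(self, link_key, asks_role_switch=False):
        self.link_key = link_key
        self.asks_role_switch = asks_role_switch

    def answer(self, challenge: bytes) -> bytes:
        if self.link_key is None:
            return bytes(32)  # without the key the correct response cannot be computed
        return auth_response(self.link_key, challenge)

    def verdict(self, challenge: bytes, response: bytes) -> bool:
        if self.link_key is None:
            return True  # a keyless verifier can simply report "OK"
        return hmac.compare_digest(response, auth_response(self.link_key, challenge))

def host_trusts(host_key: bytes, peer: Peer, require_mutual: bool) -> bool:
    """Return True if the host ends the procedure trusting the peer."""
    if peer.asks_role_switch and not require_mutual:
        # Unilateral mode after a role switch: the peer is now the verifier,
        # so the host only proves itself and accepts the peer's verdict.
        challenge = os.urandom(16)  # chosen by the peer in the real exchange
        return peer.verdict(challenge, auth_response(host_key, challenge))
    # Host acts as verifier: the peer must answer the host's challenge.
    challenge = os.urandom(16)
    peer_ok = hmac.compare_digest(peer.answer(challenge), auth_response(host_key, challenge))
    if require_mutual and peer_ok:
        # Second direction: the host also proves itself to the peer.
        c2 = os.urandom(16)
        return peer.verdict(c2, auth_response(host_key, c2))
    return peer_ok

if __name__ == "__main__":
    key = os.urandom(16)  # constructed link key from an earlier pairing
    for mutual in (False, True):
        fake = Peer(None, asks_role_switch=True)
        print(f"require_mutual={mutual}: keyless peer trusted -> {host_trusts(key, fake, mutual)}")
```

In the unilateral path the host never checks a response from the peer, which is the gap the model exposes; with `require_mutual=True` the keyless peer fails the host's challenge regardless of the role switch.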
The research team disclosed their findings to the Bluetooth Special Interest Group (Bluetooth SIG) – the standards organization that oversees the development of Bluetooth standards – in December of last year, and held back on public disclosure until now in order to allow workarounds to be developed.
The Bluetooth SIG says that it will be updating the Bluetooth Core Specification to block a key element of the attack process (preventing the target device from agreeing to a less secure protocol), and in the meantime is encouraging manufacturers to issue a security patch to make the attack less likely to succeed.
BIAS would require relatively targeted attacks from someone within Bluetooth range. If you are concerned you may be targeted in this way, best practice would be to keep Bluetooth turned off when you are not using it. A paranoid user would also instruct their device to forget Bluetooth devices immediately after using them, and to repeat the pairing each time.