Security researchers from Bluetooth SIG disclosed a very serious threatening Bluetooth vulnerability with allow an attacker to bypass authenticating key or Pairing key giving them full control of the service.
This bug leaves millions of Bluetooth devices vulnerable as a researcher also an identity that this affect Bluetooth version 4.0 to 5.0. The flaw was recorded as CVE-2020-15802, the default allows attackers to overwrite the authenticating key, or by decreasing the key force enable them to communications to a targeted neighbouring computer.
Risk Of This Vulnerability
The flaw may lead to a wide range of possible attacks, including man-in-the-middle attacks. A report detailing an attack scenario and the outcome of successful exploitation was also released by The Bluetooth Special Interest Group (SIG), the body that supervises the evolution of Bluetooth standards.
An attacker close to a vulnerable target device in Bluetooth could ruin a pair device's identity in order to overwrite the original key and access authenticated services.
"If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur” - Bluetooth SIG advisory"
Cause Of The Flaw
The researchers found Cross-Transport Key Derivative (CTKD) vulnerabilities in Bluetooth Specification 4.2 to 5.0 implementations that allow pairing and encryption. Furthermore, the researchers discovered that CTKD may allow several LE services to a remotely paired computer.
To succeed in the attack, an attacking device must fit into a compromised Bluetooth device's wireless range. Bluetooth users must ensure that their computer and operating system producers install the latest recommended updates.
The Bluetooth SIG also provides our Member companies with information and solutions on this flaw and invites everyone to quickly implement any required patches.
Hey, check out this Free Online Image Hosting service and sharing Platform.
which have Great features that Allow you to host any image format from JPG, PNG, BMP, WEBP AND GIF
plus allow SEO ranking on images (edit the title) and customised whether to set your image private or not? gives you total control of your privacy
https://free-tool.online/ very soon advance photo editor will be added to its feature
واہ واہ زبردست