New Unpatched Bluetooth Vulnerability Lets Hackers Defeat Encryption Easily

Written by Secure, 3 years ago

Security researchers from the Bluetooth SIG disclosed a very serious Bluetooth vulnerability that allows an attacker to bypass the authentication key or pairing key, giving them full control of the service.


This bug leaves millions of Bluetooth devices vulnerable, as the researchers also identified that it affects Bluetooth versions 4.0 to 5.0. The flaw is recorded as CVE-2020-15802. It allows attackers to overwrite the authentication key, or to reduce the key strength, enabling them to communicate with a targeted neighbouring device.

Risk Of This Vulnerability 


The flaw may lead to a wide range of possible attacks, including man-in-the-middle attacks. A report detailing an attack scenario and the outcome of successful exploitation was also released by the Bluetooth Special Interest Group (SIG), the body that supervises the evolution of Bluetooth standards.

An attacker within Bluetooth range of a vulnerable target device could spoof a paired device's identity in order to overwrite the original key and access authenticated services.

"If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur" - Bluetooth SIG advisory

Cause Of The Flaw

The researchers found the vulnerability in Cross-Transport Key Derivation (CTKD), in implementations of Bluetooth Specification 4.2 to 5.0 that use it for pairing and encryption. Furthermore, the researchers discovered that CTKD may allow a remotely paired device access to several LE services.
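As an added illustration (not code from the Bluetooth SIG, the researchers or any real Bluetooth stack), the following C example shows the check a host's bond store can make before accepting a CTKD-derived key: refuse it when it would replace a stored key that was authenticated or of greater strength, the condition named in the advisory quote above. The `bond_key_t` record and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bond-store record; names are illustrative, not from a real stack. */
typedef struct {
    bool    present;        /* a key is already stored for this peer */
    bool    authenticated;  /* key came from authenticated pairing */
    uint8_t key_size;       /* effective key size in bytes */
} bond_key_t;

typedef enum { CTKD_ACCEPT, CTKD_REJECT_UNAUTH, CTKD_REJECT_WEAKER } ctkd_verdict_t;

/* Decide whether a CTKD-derived key may replace the key already stored
 * for the other transport. Refuses the overwrite the advisory describes. */
ctkd_verdict_t ctkd_may_overwrite(const bond_key_t *existing, const bond_key_t *derived)
{
    if (!existing->present)
        return CTKD_ACCEPT;              /* nothing stored, nothing to downgrade */
    if (existing->authenticated && !derived->authenticated)
        return CTKD_REJECT_UNAUTH;       /* would drop authentication */
    if (derived->key_size < existing->key_size)
        return CTKD_REJECT_WEAKER;       /* would reduce key strength */
    return CTKD_ACCEPT;
}

/* Apply the policy: the stored key changes only on CTKD_ACCEPT. */
ctkd_verdict_t bond_store_apply_ctkd(bond_key_t *slot, const bond_key_t *derived)
{
    ctkd_verdict_t v = ctkd_may_overwrite(slot, derived);
    if (v == CTKD_ACCEPT) {
        *slot = *derived;
        slot->present = true;
    }
    return v;
}

int main(void)
{
    /* Constructed sample: an authenticated 16-byte key is already bonded. */
    bond_key_t slot = { true, true, 16 };
    /* Constructed sample: unauthenticated key derived via CTKD from a new pairing. */
    bond_key_t derived = { true, false, 16 };
    ctkd_verdict_t v = bond_store_apply_ctkd(&slot, &derived);
    printf("verdict=%d stored_auth=%d stored_size=%u\n",
           v, slot.authenticated, (unsigned)slot.key_size);
    return 0;
}
```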

For the attack to succeed, the attacking device must be within wireless range of a vulnerable Bluetooth device. Bluetooth users must ensure that they have installed the latest recommended updates from their device and operating system manufacturers.



The Bluetooth SIG also provides its member companies with information and solutions on this flaw and invites everyone to quickly implement any required patches.


Comments

Wow, wow, excellent

3 years ago