A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don't implement MAC address randomisation - meaning they can be used to track their wearers. Norwegian state broadcaster NRK revealed Bjorn Hegnes' findings after helping him analyse Bluetooth emissions from a dozen different models of audio headphones, contained within 1.7 million Bluetooth messages he intercepted.
Vulnerabilities collectively referred to as BrakTooth are affecting Bluetooth stacks implemented on system-on-a-chip circuits from over a dozen vendors. Researchers from the Singapore University of Technology and Design have published details about BrakTooth - a new family of security vulnerabilities in commercial Bluetooth stacks.
A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service attacks. Collectively dubbed "BrakTooth", the 16 security weaknesses span across 13 Bluetooth chipsets from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments, covering an estimated 1,400 or more commercial products, including laptops, smartphones, programmable logic controllers, and IoT devices.
Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that rely on Bluetooth Classic for communication. Potentially, billions of devices could be affected worldwide, researchers said.
A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity", the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once two devices are paired with one another, which remain authenticated until an explicit deauthentication action is taken, or the authenticated session expires.
Google on Monday announced that it's discontinuing the Bluetooth version of the Titan Security Key and it will only offer devices that have near-field communication functionality. The company will only offer two types of Titan security keys: a USB-A version and a USB-C version, both with NFC capabilities.
Google is discontinuing the Bluetooth Titan Security Key to focus on security keys with Near Field Communication functionality. As part of this move, Google has also announced a new Titan Security Key with USB-C and NFC to go along with the previously available USB-A + NFC security key.
The Zephyr real-time operating system for embedded devices received an update earlier this month that fixes multiple vulnerabilities that can cause a denial-of-service condition and potentially lead to remote code execution. Matias Karhumaa, a senior software engineer at Synopsys, an American electronic design automation company, found eight vulnerabilities in Zephyr after testing the lowest layers of the operating system's Bluetooth LE stack.
Multiple vulnerabilities recently patched in Zephyr's Bluetooth LE stack could be exploited to cause denial of service conditions, prevent further connections, or even leak sensitive information, according to a warning from researchers at the Synopsys Cybersecurity Research Center. The platform includes support for multiple network protocols, including the full Bluetooth LE stack.
Vulnerabilities in the Zephyr real-time operating system's Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack - unless upgraded to a patched version of the OS. A security advisory released by Synopsys this afternoon highlights eight key vulnerabilities in Zephyr's Bluetooth Low Energy software stack. The vulnerabilities, discovered through use of Synopsys's Defensics fuzzing software, are exploitable when the devices are in advertising mode and accepting connections from remote devices - putting a wide range of gadgets at risk.