Security News

Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it's possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device's Bluetooth component. To exploit these vulnerabilities, the researchers first needed to perform code execution on either the Bluetooth or WiFi chip.

The embargo period is over for a proof-of-concept tool to test for the recently revealed BrakTooth flaws in Bluetooth devices, and the researchers who discovered them have released both the test kit and full exploit code for the bugs. BrakTooth is a collection of flaws affecting commercial Bluetooth stacks on more than 1,400 chipsets used in billions of devices - including smartphones, PCs, toys, internet-of-things devices and industrial equipment - that rely on Bluetooth Classic for communication.

Over the past few years, mobile devices have become increasingly chatty over the Bluetooth Low Energy protocol and this turns out to be a somewhat significant privacy risk. More recently, the US-based researchers explain, software for tracking COVID-19 has used mobile devices as BLE beacons, broadcasting signals in the service of public health.

Accompanying documentation explained that the gateway can measure distance to the wristband. Since the alternative was to serve the quarantine in a cramped and expensive hotel room with my kids, I was prepared to allow the app the access it wanted.

A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don't implement MAC address randomisation - meaning they can be used to track their wearers. Norwegian state broadcaster NRK revealed Bjorn Hegnes' findings after helping him analyse Bluetooth emissions from a dozen different models of audio headphones, contained within 1.7 million Bluetooth messages he intercepted.

Vulnerabilities collectively referred to as BrakTooth are affecting Bluetooth stacks implemented on system-on-a-chip circuits from over a dozen vendors. Researchers from the Singapore University of Technology and Design have published details about BrakTooth - a new family of security vulnerabilities in commercial Bluetooth stacks.

A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service attacks. Collectively dubbed "BrakTooth", the 16 security weaknesses span across 13 Bluetooth chipsets from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments, covering an estimated 1,400 or more commercial products, including laptops, smartphones, programmable logic controllers, and IoT devices.

Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that rely on Bluetooth Classic for communication. Potentially, billions of devices could be affected worldwide, researchers said.

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity", the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once two devices are paired with one another, which remain authenticated until an explicit deauthentication action is taken, or the authenticated session expires.

Google on Monday announced that it's discontinuing the Bluetooth version of the Titan Security Key and it will only offer devices that have near-field communication functionality. The company will only offer two types of Titan security keys: a USB-A version and a USB-C version, both with NFC capabilities.