Security News

Smart sex toys come with Bluetooth and remote access weaknesses
2021-03-11 18:45

Today, researchers have exposed common weaknesses lurking in the latest smart sex toys that can be exploited by attackers. In examples provided by the researchers, technologies like Bluetooth and inadequately secured remote APIs make these IoT personal devices vulnerable to attacks that go beyond just compromising user privacy.

Bluetooth Overlay Skimmer That Blocks Chip
2021-02-15 22:34

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal's ability to read chip-based cards, forcing customers to swipe the stripe instead. Here's a closer look at the electronic gear jammed into these overlay skimmers.

ChastityLock ransomware targeted men's Bluetooth chastity belt
2021-01-09 10:24

Following the disclosure, an attacker started targeting Qiui Cellmate mobile app users who controlled the smart toy and locked the chastity device. Victims were asked to pay 0.02 bitcoins, around $270 at the time of the attacks.

Intel driver updates fix Windows 10 BSODs, Bluetooth issues
2020-12-03 08:32

Intel has released updated Wireless Bluetooth and Wi-Fi drivers for Windows 10 customers to address known issues causing blue screen of death errors and Bluetooth devices to lose connection or stop working. First of all, the new drivers address Windows 10 stop errors, yellow bang warnings in Device Manager, as well as random disconnections while playing online videos caused by Intel Wireless adapters with faulty drivers.

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
2020-10-16 00:19

Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer Andy Nguyen, the three flaws - collectively called BleedingTooth - reside in the open-source BlueZ protocol stack that offers support for many of the core Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices.

BleedingTooth: Vulnerabilities in Linux Bluetooth Allow Zero-Click Attacks
2020-10-14 18:09

Bluetooth vulnerabilities that a Google security researcher has identified in the Linux kernel could be exploited to run arbitrary code or access sensitive information. The most severe of these flaws is CVE-2020-12351, a heap-based type confusion that affects Linux kernel 4.8 and higher.

New Bluetooth Vulnerability
2020-09-17 11:18

When, say, an iPhone is getting ready to pair up with a Bluetooth-powered device, CTKD's role is to set up two separate authentication keys for that phone: one for a "Bluetooth Low Energy" device, and one for a device using what's known as the "Basic Rate/Enhanced Data Rate" standard. Different devices require different amounts of data - and battery power - from a phone.

Bluetooth Spoofing Bug Affects Billions of IoT Devices
2020-09-16 12:52

A team of academic researchers has discovered a Bluetooth Low Energy vulnerability that allows spoofing attacks that could affect the way humans and machines carry out tasks. It potentially impacts billions of Internet of Things devices, researchers said, and remains unpatched in Android devices.

Take your pick: 'Hack-proof' blockchain-powered padlock defeated by Bluetooth replay attack or 1kg lump hammer
2020-09-14 20:12

A "Hack-proof" smart padlock with security based on blockchain technology could be defeated by a simple Bluetooth replay attack - or a 1kg lump hammer. Its unique selling point is that the padlock can be locked and unlocked using an app that transmits over a Bluetooth Low Energy connection, rather than a physical key or combination lock.

Billions of Bluetooth gadgets bothered by ‘BLURtooth’ miscreant-in-the-middle bug
2020-09-11 07:42

Named BLURtooth, aka CVE-2020-15802, the flaw was present in the Bluetooth BR/EDR from specification version 4.2 to 5.0. The latest version of the Bluetooth spec is 5.2.