Security News

Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform. Kali NetHunter - Kali's mobile pentesting platform/app - has been augmented with Bluetooth Arsenal, which combines a set of Bluetooth tools in the app with pre-configured workflows and use cases.

Apptricity announced the launch of its new 20-Mile Ultra Long-Range Bluetooth beacon. This new Bluetooth, from the Apptricity Development Group, is the longest-ranging secure connection on the market, with the ability to transmit data up to 20 miles outdoors and penetrate up to 20 floors indoors.

Renesas Electronics Corporation announced sample shipment availability of the new RYZ012 Bluetooth module targeting ultra-low power IoT applications. The RYZ012 also includes a battery monitor to measure battery capacity and detect low power in battery-operated devices.

The creators of the Mooltipass hardware password manager have unveiled the Mooltipass Mini BLE, a Bluetooth-enabled version of the device that includes many new and useful features. Back in 2016, SecurityWeek reviewed the second generation of the Mooltipass open source hardware password manager, the Mooltipass Mini.

Laird Connectivity has announced the upcoming Sterling-LWB5+ Wi-Fi 5 and Bluetooth 5.1 module. Laird Connectivity's new Sterling-LWB5+ was intentionally designed for industrial IoT applications where performance, size, cost, and ruggedness are required to deliver reliable wireless connectivity.

The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key. We describe each vulnerability in detail, and we exploit them to design, implement, and evaluate master and slave impersonation attacks on both the legacy authentication procedure and the secure authentication procedure.

Academics from École Polytechnique Fédérale de Lausanne disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate and Enhanced Data Rate for wireless data transfer between devices.

Academics from École Polytechnique Fédérale de Lausanne disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate and Enhanced Data Rate for wireless data transfer between devices.

Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allows attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. The bugs allow Bluetooth Impersonation Attacks on everything from internet of things gadgets to phones to laptops, according to researchers at the École Polytechnique Fédérale de Lausanne in Switzerland.

A vulnerability related to pairing in Bluetooth Basic Rate / Enhanced Data Rate connections could be exploited to impersonate a previously paired device, researchers have discovered. The security flaw allows for an attacker within Bluetooth range of an affected device to spoof the Bluetooth address of a previously bonded remote device, thus successfully authenticating without knowing the link key normally used for establishing an encrypted connection.