Security News

Apptricity announced the launch of its new 20-Mile Ultra Long-Range Bluetooth beacon. This new Bluetooth, from the Apptricity Development Group, is the longest-ranging secure connection on the market, with the ability to transmit data up to 20 miles outdoors and penetrate up to 20 floors indoors.

Renesas Electronics Corporation announced sample shipment availability of the new RYZ012 Bluetooth module targeting ultra-low power IoT applications. The RYZ012 also includes a battery monitor to measure battery capacity and detect low power in battery-operated devices.

The creators of the Mooltipass hardware password manager have unveiled the Mooltipass Mini BLE, a Bluetooth-enabled version of the device that includes many new and useful features. Back in 2016, SecurityWeek reviewed the second generation of the Mooltipass open source hardware password manager, the Mooltipass Mini.

Laird Connectivity has announced the upcoming Sterling-LWB5+ Wi-Fi 5 and Bluetooth 5.1 module. Laird Connectivity's new Sterling-LWB5+ was intentionally designed for industrial IoT applications where performance, size, cost, and ruggedness are required to deliver reliable wireless connectivity.

The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key. We describe each vulnerability in detail, and we exploit them to design, implement, and evaluate master and slave impersonation attacks on both the legacy authentication procedure and the secure authentication procedure.

Academics from École Polytechnique Fédérale de Lausanne disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate and Enhanced Data Rate for wireless data transfer between devices.

Academics from École Polytechnique Fédérale de Lausanne disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate and Enhanced Data Rate for wireless data transfer between devices.

Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allows attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. The bugs allow Bluetooth Impersonation Attacks on everything from internet of things gadgets to phones to laptops, according to researchers at the École Polytechnique Fédérale de Lausanne in Switzerland.

A vulnerability related to pairing in Bluetooth Basic Rate / Enhanced Data Rate connections could be exploited to impersonate a previously paired device, researchers have discovered. The security flaw allows for an attacker within Bluetooth range of an affected device to spoof the Bluetooth address of a previously bonded remote device, thus successfully authenticating without knowing the link key normally used for establishing an encrypted connection.

In a paper [PDF] entitled "MagicPairing: Apple's Take on Securing Bluetooth Peripherals," Dennis Heinze, Jiska Classen, and Felix Rohrbach observe that Apple's MagicPairing protocol overcomes two shortcomings of Bluetooth device pairing: poor scalability and a security model that collapses if the permanent key - the Link Key or Long-Term Key - gets compromised. The paper says that Apple's MagicPairing implementations in iOS and macOS contain a number of spelling mistakes in logging messages and, for macOS Bluetooth daemon bluetoothd, function names.