• About us
  • Disclaimer
  • Privacy Policy
Monday, August 15, 2022
  • Login
  • Register
W-SE (Web - SEcurity)
  • Tech today
  • Security
    • Malware
    • Top list
  • Vulnerabilities
  • How To?
    • All
    • gaming
    • Smart phone
    • smart tv
    • software
    Tips for Buying the Perfect Travel Sim Card

    Tips for Buying the Perfect Travel Sim Card

    How to Write Farewell and Appreciate Messages

    How to Write Farewell and Appreciate Messages?

    Software help business

    Reasons to Buy the Right Business Hardware

    How to Invest in NFT Art?

    Ideal Internet Speed for Online Gaming

    Ideal Internet Speed for Online Gaming

    AceThinker Online Video Editor and Pro

    AceThinker Online Video Editor and Pro

    Trending Tags

    • Web Security
    • Data Security
    • Network Security
    • Cybersecurity
  • About us
  • Disclaimer
  • Privacy Policy
  • Contact
No Result
View All Result
  • Tech today
  • Security
    • Malware
    • Top list
  • Vulnerabilities
  • How To?
    • All
    • gaming
    • Smart phone
    • smart tv
    • software
    Tips for Buying the Perfect Travel Sim Card

    Tips for Buying the Perfect Travel Sim Card

    How to Write Farewell and Appreciate Messages

    How to Write Farewell and Appreciate Messages?

    Software help business

    Reasons to Buy the Right Business Hardware

    How to Invest in NFT Art?

    Ideal Internet Speed for Online Gaming

    Ideal Internet Speed for Online Gaming

    AceThinker Online Video Editor and Pro

    AceThinker Online Video Editor and Pro

    Trending Tags

    • Web Security
    • Data Security
    • Network Security
    • Cybersecurity
  • About us
  • Disclaimer
  • Privacy Policy
  • Contact
No Result
View All Result
W-SE (Web - SEcurity)
No Result
View All Result
Home Security

Bluetooth Vulnerability Allows Previously Paired Devices to be Impersonated by Attackers

Melina Richardson by Melina Richardson
in Security, Vulnerabilities
A A

Researchers have discovered that a weakness associated with pairing in Bluetooth Basic Rate / Enhanced Data Rate (BR / EDR) connections could be exploited to impersonate a previously paired unit.

The security vulnerability allows an attacker to spoof the Bluetooth address of a previously bonded remote device within the Bluetooth range of an affected device and thus to successfully authenticate without knowing the link key usually used to create an encrypted connection.

“An unauthenticated, adjacent attacker can impersonate a previously paired / bonded device and authenticate successfully without knowing the link key. By performing a Bluetooth Impersonation Attack (BIAS),’ reads a CERT Coordination Center (CERT/CC) alert, this could allow an attacker to gain full access to the paired device.

In a statement published on this vulnerability, the Bluetooth Special Interest Group (SIG) explains that if the system is still vulnerable to the KNOB (Main Bluetooth Negotiation) attack disclosed last year, the attacks enable hackers to “negotiate a reduced encryption key intensity”

The attacker may try to brute-force the encryption key and spoof the paired computer remotely. If the attack is unsuccessful, the encrypted link will not be established but the attacker may still appear to the host authenticated.

To be effective in attacking, the attacker needs to know the remote device’s Bluetooth address to which the target was previously paired. The vulnerability is monitored as CVE-2020-10135, and has a CVSS score of 4.8.

Depending on the Secure Simple Pairing method (Legacy Secure Connections or Secure Connections) used to establish the previous connection to the remote device, the vulnerability can be exploited in 2 ways.

The first method allows the attacker to downgrade the security of authentication and proceed using the BIAS method. If authentication can be downgraded or the system does not support Safe Connections, then the attacker can initiate a master-slave role switch to become the authentication initiator.

“If the remote device is successful, they complete the authentication. If the remote device then does not authenticate with the attacker in the master position, the authentication-complete warning on both devices will result, even though the attacker does not have the connection key, “reads the CERT / CC alert.

To mitigate the issue, vendors are advised to ensure that the length of the encryption key cannot be reduced by less than 7 bytes, and that hosts initiate mutual authentication or support Secure Connections Only mode where possible. In addition, they should ensure that the Bluetooth authentication requires an encrypted connection to be used to independently signal a shift in user trust.

“To remedy this vulnerability, the Bluetooth SIG updates the Bluetooth Core Specification to clarify when role switches are allowed, to require mutual authentication in legacy authentication and to recommend encryption-type checks to avoid downgrading of secure connections to legacy encryption,” notes Bluetooth SIG.

ShareTweetShare
Previous Post

Zero Day Initiative Researchers Publish Five Windows Zero Days

Next Post

Microsoft is Introducing New Security Features for Developers, Clients

Melina Richardson

Melina Richardson

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.

Next Post
Microsoft

Microsoft is Introducing New Security Features for Developers, Clients

Please login to join discussion

Free Online Tools

Article Rewriter Pro
Grammar Checker Pro
Plagiarism Checker
Online Ping Website Tool
Website Screenshot Generator
Website Source Code Finder

Free A To Z IT Tools Online

Free IT Tools Online
  • Trending
  • Comments
  • Latest
inurl technology

Latest Carding Dorks List for Sql Injection 2022

March 16, 2022
connect monitor to laptop two screens

How To Connect A Monitor To A Laptop And Use Both Screens?

February 10, 2021
how to connect two monitors to my laptop

How Do I Connect 2 Monitors To My Lenovo Laptop?

January 22, 2021
Gb Whatsapp An Unexpected Error

Gb Whatsapp An Unexpected Error

November 7, 2021
Windows Flaw

If Older Battleye software is used, Windows 10 1903 Blocked

0
Mac Os

New unpatched macOS bypass gatekeeper published online

0
Siemens Medical Products

Wormable Windows Flaw Affected Siemens Medical Products

0
Cloud Computing

5 Tips of the Personal Data Protection in the Cloud

0
Tips for Buying the Perfect Travel Sim Card

Tips for Buying the Perfect Travel Sim Card

August 5, 2022
How to Write Farewell and Appreciate Messages

How to Write Farewell and Appreciate Messages?

August 5, 2022
Cyber Security Degree In Pennsylvania

Ways Block Chain Affect Web Security in 2022

August 5, 2022

10 Tips on How to Improve your Software Development Skills

July 19, 2022

Quick Links

Learnopedia
Tech Write For US
Technology Write For US
Casino Write For Us
Mr.Perfect Reviews
Cyber Security Career

Recent News

Tips for Buying the Perfect Travel Sim Card

Tips for Buying the Perfect Travel Sim Card

August 5, 2022
How to Write Farewell and Appreciate Messages

How to Write Farewell and Appreciate Messages?

August 5, 2022
Cyber Security Degree In Pennsylvania

Ways Block Chain Affect Web Security in 2022

August 5, 2022

10 Tips on How to Improve your Software Development Skills

July 19, 2022
W-SE (Web – SEcurity)

W-SE regularly updates cyber attacks, hacking and events that provide IT security professionals with information throughout the world. Also offering news in W-SE. We spent two years living and sharing guidance and insights with IT experts, detailed analyzes and news.

We also train people with product reviews in different form of content.

Browse by Category

  • computer
  • Fraud & Identity
  • gaming
  • How To?
  • laptop
  • Malware
  • Microsoft
  • Mobile
  • photography
  • Privacy
  • Reviews
  • Security
  • Security Degree
  • Smart phone
  • smart tv
  • Social
  • software
  • Tech
  • Tech today
  • Top list
  • Uncategorized
  • Virus & Threats
  • Vulnerabilities
  • Website
  • What is?

Recent News

Tips for Buying the Perfect Travel Sim Card

Tips for Buying the Perfect Travel Sim Card

August 5, 2022
How to Write Farewell and Appreciate Messages

How to Write Farewell and Appreciate Messages?

August 5, 2022
  • About us
  • Contact
  • Disclaimer
  • Home
  • Privacy Policy
  • Resources
  • Support Forum
  • Tech Blog
  • Technology Write For Us
  • W-SE (Web Security)

© 2020 w-se.com - Powered by Fix Hacked Website, Cyber Special , SSL Authority Reviews Powered by Mr.Perfect Reviews.

No Result
View All Result
  • Tech today
  • Security
    • Malware
    • Top list
  • Vulnerabilities
  • How To?
  • About us
  • Disclaimer
  • Privacy Policy
  • Contact

© 2020 w-se.com - Powered by Fix Hacked Website, Cyber Special , SSL Authority Reviews Powered by Mr.Perfect Reviews.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In