• About us
  • Disclaimer
  • Privacy Policy
Wednesday, May 18, 2022
  • Login
  • Register
W-SE (Web - SEcurity)
  • Tech today
  • Security
    • Vulnerabilities
    • Malware
    • Android
    • Top list
  • Cyber Attacks
  • How To?
    • All
    • gaming
    • Smart phone
    • smart tv
    • software
    Ideal Internet Speed for Online Gaming

    Ideal Internet Speed for Online Gaming

    Cybersecurity Tips to Protect Your Mac

    Nighthawk Mr5100 Bridge Mode

    What are Data Centers, and Why Are They Important

    What are Data Centers, and Why Are They Important?

    Blanket

    The Main Reasons Why Every Home Needs at Least One Faux Fur Throw

    How to Find a Powerful Laptop

    How to Find a Powerful Laptop?

    how to connect second monitor to laptop windows 10

    Is 300 Mbps Good For Gaming

    Trending Tags

    • Security
    • Web Security
    • cyber-security
    • Enhanced Security
    • Data Security
    • Security Bugs
    • Network Security
    • Cybersecurity
    • Security Updates
    • Mobile Security
    • Microsoft Security Updates
    • Data security and compliance
  • Contact
  • About us
    • Disclaimer
  • Write For Us
No Result
View All Result
  • Tech today
  • Security
    • Vulnerabilities
    • Malware
    • Android
    • Top list
  • Cyber Attacks
  • How To?
    • All
    • gaming
    • Smart phone
    • smart tv
    • software
    Ideal Internet Speed for Online Gaming

    Ideal Internet Speed for Online Gaming

    Cybersecurity Tips to Protect Your Mac

    Nighthawk Mr5100 Bridge Mode

    What are Data Centers, and Why Are They Important

    What are Data Centers, and Why Are They Important?

    Blanket

    The Main Reasons Why Every Home Needs at Least One Faux Fur Throw

    How to Find a Powerful Laptop

    How to Find a Powerful Laptop?

    how to connect second monitor to laptop windows 10

    Is 300 Mbps Good For Gaming

    Trending Tags

    • Security
    • Web Security
    • cyber-security
    • Enhanced Security
    • Data Security
    • Security Bugs
    • Network Security
    • Cybersecurity
    • Security Updates
    • Mobile Security
    • Microsoft Security Updates
    • Data security and compliance
  • Contact
  • About us
    • Disclaimer
  • Write For Us
No Result
View All Result
W-SE (Web - SEcurity)
No Result
View All Result
Home Security

Bluetooth Vulnerability Allows Previously Paired Devices to be Impersonated by Attackers

Melina Richardson by Melina Richardson
in Security, Vulnerabilities
A A

Researchers have discovered that a weakness associated with pairing in Bluetooth Basic Rate / Enhanced Data Rate (BR / EDR) connections could be exploited to impersonate a previously paired unit.

The security vulnerability allows an attacker to spoof the Bluetooth address of a previously bonded remote device within the Bluetooth range of an affected device and thus to successfully authenticate without knowing the link key usually used to create an encrypted connection.

“An unauthenticated, adjacent attacker can impersonate a previously paired / bonded device and authenticate successfully without knowing the link key. By performing a Bluetooth Impersonation Attack (BIAS),’ reads a CERT Coordination Center (CERT/CC) alert, this could allow an attacker to gain full access to the paired device.

Get into the Cyber Security Career now!

In a statement published on this vulnerability, the Bluetooth Special Interest Group (SIG) explains that if the system is still vulnerable to the KNOB (Main Bluetooth Negotiation) attack disclosed last year, the attacks enable hackers to “negotiate a reduced encryption key intensity”

The attacker may try to brute-force the encryption key and spoof the paired computer remotely. If the attack is unsuccessful, the encrypted link will not be established but the attacker may still appear to the host authenticated.

To be effective in attacking, the attacker needs to know the remote device’s Bluetooth address to which the target was previously paired. The vulnerability is monitored as CVE-2020-10135, and has a CVSS score of 4.8.

Depending on the Secure Simple Pairing method (Legacy Secure Connections or Secure Connections) used to establish the previous connection to the remote device, the vulnerability can be exploited in 2 ways.

The first method allows the attacker to downgrade the security of authentication and proceed using the BIAS method. If authentication can be downgraded or the system does not support Safe Connections, then the attacker can initiate a master-slave role switch to become the authentication initiator.

“If the remote device is successful, they complete the authentication. If the remote device then does not authenticate with the attacker in the master position, the authentication-complete warning on both devices will result, even though the attacker does not have the connection key, “reads the CERT / CC alert.

Learn Cyber Security Career Guide here!

To mitigate the issue, vendors are advised to ensure that the length of the encryption key cannot be reduced by less than 7 bytes, and that hosts initiate mutual authentication or support Secure Connections Only mode where possible. In addition, they should ensure that the Bluetooth authentication requires an encrypted connection to be used to independently signal a shift in user trust.

“To remedy this vulnerability, the Bluetooth SIG updates the Bluetooth Core Specification to clarify when role switches are allowed, to require mutual authentication in legacy authentication and to recommend encryption-type checks to avoid downgrading of secure connections to legacy encryption,” notes Bluetooth SIG.

Tags: BluetoothPaired Devices
ShareTweetShare
Previous Post

Zero Day Initiative Researchers Publish Five Windows Zero Days

Next Post

Microsoft is Introducing New Security Features for Developers, Clients

Melina Richardson

Melina Richardson

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.

Next Post
Microsoft

Microsoft is Introducing New Security Features for Developers, Clients

Please login to join discussion
  • Trending
  • Comments
  • Latest
router

192.168.0.1 – 192.168.1.1 Router Login Password

April 6, 2020
inurl technology

Latest Carding Dorks List for Sql Injection 2022

March 16, 2022
connect monitor to laptop two screens

How To Connect A Monitor To A Laptop And Use Both Screens?

February 10, 2021
how to connect two monitors to my laptop

How Do I Connect 2 Monitors To My Lenovo Laptop?

January 22, 2021
Windows Flaw

If Older Battleye software is used, Windows 10 1903 Blocked

0
Mac Os

New unpatched macOS bypass gatekeeper published online

0
Siemens Medical Products

Wormable Windows Flaw Affected Siemens Medical Products

0
Cloud Computing

5 Tips of the Personal Data Protection in the Cloud

0
Super Desktop

Asus Router Keeps Dropping Internet

May 17, 2022
How to Find a Powerful Laptop

Reset Orbi

May 17, 2022
Ideal Internet Speed for Online Gaming

AT&T Router Settings

May 17, 2022
Blanket

192.168.0.100.1

May 17, 2022
ADVERTISEMENT

Quick Links

Learnopedia
Tech Write For US
Technology Write For US
Casino Write For Us
Mr.Perfect Reviews
Cyber Security Career

Recent News

Super Desktop

Asus Router Keeps Dropping Internet

May 17, 2022
How to Find a Powerful Laptop

Reset Orbi

May 17, 2022
Ideal Internet Speed for Online Gaming

AT&T Router Settings

May 17, 2022
Blanket

192.168.0.100.1

May 17, 2022
W-SE (Web – SEcurity)

W-SE regularly updates cyber attacks, hacking and events that provide IT security professionals with information throughout the world. Also offering news in W-SE. We spent two years living and sharing guidance and insights with IT experts, detailed analyzes and news.

We also train people with product reviews in different form of content.

Browse by Category

  • Android
  • Camera
  • computer
  • Cyber Attacks
  • Cyber Security
  • Cybercrime
  • Encryption
  • Error
  • Featured
  • Fraud & Identity
  • gaming
  • How To?
  • laptop
  • Login
  • Malware
  • Microsoft
  • Mobile
  • photography
  • Privacy
  • Reviews
  • Security
  • Security Degree
  • Smart phone
  • smart tv
  • Social
  • software
  • Tech
  • Tech today
  • Top list
  • Uncategorized
  • Virus & Threats
  • Vulnerabilities
  • Website
  • What is?

Recent News

Super Desktop

Asus Router Keeps Dropping Internet

May 17, 2022
How to Find a Powerful Laptop

Reset Orbi

May 17, 2022
  • About us
  • Contact
  • Disclaimer
  • Home
  • Privacy Policy
  • Resources
  • Support Forum
  • Tech Blog
  • Technology Write For Us
  • W-SE (Web Security)

© 2020 w-se.com - Powered by Fix Hacked Website, Cyber Special , SSL Authority Reviews Powered by Mr.Perfect Reviews.

No Result
View All Result
  • Tech today
  • Security
    • Vulnerabilities
    • Malware
    • Android
    • Top list
  • Cyber Attacks
  • How To?
  • Contact
  • About us
    • Disclaimer
  • Write For Us

© 2020 w-se.com - Powered by Fix Hacked Website, Cyber Special , SSL Authority Reviews Powered by Mr.Perfect Reviews.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In