Últimas notícias

Fique informado

Bluetooth Flaw Could Let Hackers Attack You Wirelessly From 800 Feet Away

14 de setembro de 2020

Spotlight

Doc9 lança Guia Prático de Prompts para ChatGPT no Jurídico: Como Maximizar a Eficiência com a Inteligência Artificial

Para obter os melhores resultados com o ChatGPT no contexto jurídico, siga as dicas importantes do Guia Prático de Prompts da doc9.

28 de maio de 2024

Governo Federal apoia Rio Grande do Sul na emissão 2ª via da Carteira de Identidade Nacional

O mutirão coordenado pelo Governo do RS começou nos abrigos de Porto Alegre. Expedição da segunda via será imediata

20 de maio de 2024

Performance Improvements via Formally-Verified Cryptography in Firefox

Cryptographic primitives, while extremely complex and difficult to implement, audit, and validate, are critical for security on the web.

7 de julho de 2020

Maximum SSL/TLS Certificate Validity is Now One Year. By Patrick Nohe

Starting on September 1st, SSL/TLS certificates cannot be issued for longer than 13 months (397 days). This change was first announced by Apple, at the CA/Browser Forum Spring Face-to-Face event in Bratislava back in March.

1 de julho de 2020

Your laptop, smartphone or tablet’s Bluetooth chip provides an easy way to connect wireless speakers, keyboards and other accessories. It may also be opening you up to a nasty new cyber attack

By Lee Mathews

Lee Mathews – Contributor at Forbes

Two independent teams of researchers, one from Purdue University and another at the École polytechnique fédérale de Lausanne, identified a new flaw that affects Bluetooth 4.0 and Bluetooth 5.0. This new vulnerability has been dubbed BLURtooth.

Both version allow connections from a fair distance away — up to 200 feet for Bluetooth 4.0 and around 800 feet for Bluetooth 5.0. A malicious hacker could potentially attack a vulnerable device from more than two football fields away.

What makes a device vulnerable? It has to support both the Bluetooth Basic Rate/Enhanced Data Rate and Bluetooth Low Energy protocol and protocols. It also has to support Cross-Transport Key Derivation (CTKD) for device pairing.

That covers a broad swath of Bluetooth-enabled devices, from smartphones to fitness trackers to speakers. According to the researchers, any of these devices could be compromised wirelessly by an attacker.

Properly exploited, BLURtooth would allow the attacker to pair his or her own devices without the user’s knowledge. No prompt would ever appear asking the user to confirm the connection or enter a PIN because the attacker is able to either overwrite encryption keys or forced the connection to use weaker encryption.

Once connected, the attacker could “gain additional access to profiles or services that are not otherwise restricted.” These ‘man-in-the-middle’ attacks could allow a hacker to do things like steal keystrokes or eavesdrop on audio.

The research team has disclosed the BLURtooth vulnerability to Bluetooth SIG, which in turn began notifying hardware vendors. The researchers note that the SIG has provided guidance on how the threat can be mitigated — including only allowing pairing operations when a user manually enables pairing mode.

Many devices will require either software or firmware updates. While assurances have been made that those patches will be delivered, there’s really no way to know how long it will take at this point.

It’s an incredibly complicated proposal given the wide variety of devices impacted. Fortunately, there are certain ones that can be protected right now.

The newer Bluetooth 5.1 standard already supports features that should be able to prevent a BLUR attack. Manufacturers of devices utilizing Bluetooth 5.1 may be able to deliver patches much more rapidly.

Source: Forbes

North Korea-Linked Hackers Are Now Spreading Their Own Ransomware

The Future of Privacy – Why Using and Protecting Personal Data Is a Vital Business Imperative

Safe handling of digital identities: 5 key questions.