Wide range of gadgets at risk of damaging Bluetooth security flaw
Date:
Wed, 23 Jun 2021 13:59:33 +0000
Description:
A string of vulnerabilities in the Bluetooth stack of the Zephyr RTOS leaves
a whole lot of devices prone to attacks.
FULL STORY ======================================================================
Cybersecurity researchers have shared details about eight vulnerabilities in the Bluetooth Low Energy (BLE) software stack of the open source real-time Zephyr OS.
Developed under the aegis of the Linux Foundation, Zephyr started at Wind River before it was acquired by Intel and eventually open sourced. The OS supports over 200 boards and counts the likes of Intel, Linaro, Texas Instruments, Nordic Semiconductor, Bose, Facebook, Google, and others as members, many of whom have devices that run Zephyr.
Security vendor Synopsys, who discovered the vulnerabilities, divides the flaws into three high-level categories. Some of the vulnerabilities can lead to remote code execution, while others could be exploited to grab confidential information like encryption keys.
All the reported vulnerabilities can be triggered from within the range of Bluetooth LE. Triggering the vulnerability does not require authentication or encryption, writes Synopsys in its advisory.
Connect to exploit
Synopsys notes that the only requirement for the exploitation of the vulnerabilities is for a Zephyr-powered device to be in advertising mode and accepting connections.
Speaking to The Register, Matias Karhumaa, senior software engineer at the Synopsys Cybersecurity Research Centre, shared that Bluetooth devices like smartwatches, fitness trackers, and medical devices like continuous glucose monitoring sensors operate in the advertising mode so that external devices can connect to them.
Just last month, researchers at the French National Agency for the Security of Information Systems (ANSSI) identified a number of vulnerabilities in two critical Bluetooth services that could have been exploited to allow attackers to hijack a pairing request in order to conduct Man-in-the-Middle (MitM) attacks.
When questioned about the exploitability of the Zephyr Bluetooth vulnerabilities, Karhumaa shared that he believes businesses shouldn't spend time trying to figure out whether a vulnerability is exploitable in the real world, and rather work to make it easy to identify, reproduce, and resolve the bugs regardless of their exploitability.
According to Synopsys' advisory, the vulnerabilities were shared with Zephyr back in March 2021, who started fixing them immediately, culminating with the Zephyr 2.6.0 release earlier in June with patches for all the reported vulnerabilities.
======================================================================
Link to news story:
https://www.techradar.com/news/wide-range-of-gadgets-at-risk-of-damaging-bluetooth-security-flaw/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)