Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Heavyweight Bluetooth vulnerabilities billions of devices have been affected since BLUFFS:2014

2024-05-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)12/24 Report--

CTOnews.com, November 30 (Xinhua)-- Network security experts recently reported that there are two completely new security vulnerabilities in the Bluetooth connection protocol. All devices using Bluetooth versions 4.2 to 5.4 are at risk of being hijacked by attackers, affecting all Bluetooth devices since the end of 2014.

Eurecom security expert Daniel Antoniolli (Daniele Antonioli) explained that taking advantage of the loopholes in the two Bluetooth standards, six new types of attacks have been developed, collectively known as "BLUFFS", which can destroy the confidentiality of Bluetooth sessions, impersonate devices or carry out man-in-the-middle (MitM) attacks.

The two vulnerabilities exposed this time are mainly related to the derivation of session keys in the Bluetooth protocol, which are responsible for decrypting the data in the exchange.

The current security tracking number for these two vulnerabilities is CVE-2023-24023, which affects Bluetooth devices using versions 4.2 to 5.4.

Bluetooth is now standard for many devices, and it is estimated that billions of devices, including laptops, smartphones and other mobile devices, will be affected worldwide.

CTOnews.com Note: BLUFFS affects all versions between Bluetooth 4.2, released in December 2014, and the latest version, Bluetooth 5.4, released in February 2023.

Bluetooth SIG (Special Interest Group), the non-profit organization responsible for overseeing the development of Bluetooth standards and licensing the technology, has received a report from Eurecom and posted a statement on its website.

The organization recommends that low key strength connections with less than seven octets be rejected, use "Security Mode 4 Level 4" to ensure a higher level of encryption strength, and run in "secure connection only" mode when pairing.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report