Entries Tagged "Bluetooth"

Page 2 of 3

Hacking Fitbit

This is impressive:

“An attacker sends an infected packet to a fitness tracker nearby at bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near,” Apvrille says.

“[When] the victim wishes to synchronise his or her fitness data with FitBit servers to update their profile … the fitness tracker responds to the query, but in addition to the standard message, the response is tainted with the infected code.

“From there, it can deliver a specific malicious payload on the laptop, that is, start a backdoor, or have the machine crash [and] can propagate the infection to other trackers (Fitbits).”

That’s attacker to Fitbit to computer.

Posted on October 22, 2015 at 1:20 PMView Comments

Firechat

Firechat is a secure wireless peer-to-peer chat app:

Firechat is theoretically resistant to the kind of centralized surveillance that the Chinese government (as well as western states, especially the US and the UK) is infamous for. Phones connect directly to one another, establish encrypted connections, and transact without sending messages to servers where they can be sniffed and possibly decoded.

EDITED TO ADD (10/1): Firechat has security issues.

Posted on October 1, 2014 at 2:25 PMView Comments

Security Risks from Remote-Controlled Smart Devices

We’re starting to see a proliferation of smart devices that can be controlled from your phone. The security risk is, of course, that anyone can control them from their phones. Like this Japanese smart toilet:

The toilet, manufactured by Japanese firm Lixil, is controlled via an Android app called My Satis.

But a hardware flaw means any phone with the app could activate any of the toilets, researchers say.

The toilet uses bluetooth to receive instructions via the app, but the Pin code for every model is hardwired to be four zeros (0000), meaning that it cannot be reset and can be activated by any phone with the My Satis app, a report by Trustwave’s Spiderlabs information security experts reveals.

This particular attack requires Bluetooth connectivity and doesn’t work over the Internet, but many other similar attacks will. And because these devices send to have their code in firmware, a lot of them won’t be patchable. My guess is that the toilet’s manufacturer will ignore it.

On the other end of your home, a smart TV protocol is vulnerable to attack:

The attack uses the Hybrid Broadcast Broadband TV (HbbTV) standard that is widely supported in smart television sets sold in Europe.

The HbbTV system was designed to help broadcasters exploit the internet connection of a smart TV to add extra information to programmes or so advertisers can do a better job of targeting viewers.

But Yossef Oren and Angelos Keromytis, from the Network Security Lab, at Columbia University, have found a way to hijack HbbTV using a cheap antenna and carefully crafted broadcast messages.

The attacker could impersonate the user to the TV provider, websites, and so on. This attack also doesn’t use the Internet, but instead a nearby antenna. And in this case, we know that the manufacturers are going to ignore it:

Mr Oren said the standards body that oversaw HbbTV had been told about the security loophole. However, he added, the body did not think the threat from the attack was serious enough to require a re-write of the technology’s security.

Posted on June 10, 2014 at 8:24 AMView Comments

Bluetooth-Controlled Door Lock

Here is a new lock that you can control via Bluetooth and an iPhone app.

That’s pretty cool, and I can imagine all sorts of reasons to get one of those. But I’m sure there are all sorts of unforeseen security vulnerabilities in this system. And even worse, a single vulnerability can affect all the locks. Remember that vulnerability found last year in hotel electronic locks?

Anyone care to guess how long before some researcher finds a way to hack this one? And how well the maker anticipated the need to update the firmware to fix the vulnerability once someone finds it?

I’m not saying that you shouldn’t use this lock, only that you understand that new technology brings new security risks, and electronic technology brings new kinds of security risks. Security is a trade-off, and the trade-off is particularly stark in this case.

Posted on May 16, 2013 at 8:45 AMView Comments

Hacking Tool Disguised as a Power Strip

This is impressive:

The device has Bluetooth and Wi-Fi adapters, a cellular connection, dual Ethernet ports, and hacking and remote access tools that let security professionals test the network and call home to be remotely controlled via the cellular network. The device comes with easy-to-use scripts that cause it to boot up and then phone home for instructions.

A “text-to-bash” feature allows sending commands to the device using SMS messages. Power Pwn is preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools and. It really can function as a 120/240v AC outlet strip.

It was funded with DARPA money.

Posted on July 31, 2012 at 6:30 AMView Comments

A 24/7 Wireless Tracking Network

It’s at MIT:

MIT’s newly upgraded wireless network — extended this month to cover the entire school — doesn’t merely get you online in study halls, stairwells or any other spot on the 9.4 million square foot campus. It also provides information on exactly how many people are logged on at any given location at any given time.

It even reveals a user’s identity if the individual has opted to make that data public.

MIT researchers did this by developing electronic maps that track across campus, day and night, the devices people use to connect to the network, whether they’re laptops, wireless PDAs or even Wi-Fi equipped cell phones.

WiFi is certainly a good technology for this sort of massive surveillance. It’s an open and well-standardized technology that allows anyone to go into the surveillance business. Bluetooth is a similar technology: open and easy to use. Cell phone technologies, on the other hand, are closed and proprietary. RFID might be the preferred surveillance technology of the future, depending on how open and standardized it becomes.

Whatever the technology, privacy is a serious concern:

While every device connected to the campus network via Wi-Fi is visible on the constantly refreshed electronic maps, the identity of the users is confidential unless they volunteer to make it public.

Those students, faculty and staff who opt in are essentially agreeing to let others track them.

“This raises some serious privacy issues,” Ratti said. “But where better than to work these concerns out but on a research campus?”

Rich Pell, a 21-year-old electrical engineering senior from Spartanburg, S.C., was less than enthusiastic about the new system’s potential for people monitoring. He predicted not many fellow students would opt into that.

“I wouldn’t want all my friends and professors tracking me all the time. I like my privacy,” he said. “I can’t think of anyone who would think that’s a good idea. Everyone wants to be out of contact now and then.”

Posted on November 4, 2005 at 12:44 PMView Comments

Bluetooth Spam

Advertisers are beaming unwanted content to Bluetooth phones at a distance of 100 meters.

Sure, it’s annoying, but worse, there are serious security risks. Don’t believe this:

Furthermore, there is no risk of downloading viruses or other malware to the phone, says O’Regan: “We don’t send applications or executable code.” The system uses the phone’s native download interface so they should be able to see the kind of file they are downloading before accepting it, he adds.

This company might not send executable code, but someone else certainly could. And what percentage of people who use Bluetooth phones can recognize “the kind of file they are downloading”?

We’ve already seen two ways to steal data from Bluetooth devices. And we know that more and more sensitive data is being stored on these small devices, increasing the risk. This is almost certainly another avenue for attack.

Posted on August 23, 2005 at 12:24 PMView Comments

Eavesdropping on Bluetooth Automobiles

This is impressive:

This new toool is called The Car Whisperer and allows people equipped with a Linux Laptop and a directional antenna to inject audio to, and record audio from bypassing cars that have an unconnected Bluetooth handsfree unit running. Since many manufacturers use a standard passkey which often is the only authentication that is needed to connect.

This tool allows to interact with other drivers when traveling or maybe used in order to talk to that pushy Audi driver right behind you 😉 . It also allows to eavesdrop conversations in the inside of the car by accessing the microphone.

EDITED TO ADD: Another article.

Posted on August 2, 2005 at 1:41 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.