Archive for the ‘Bluetooth Low Energy’ Category

Google warns Bluetooth Titan security keys can be hijacked by nearby hackers

May 15th, 2019

Google is warning that the Bluetooth Low Energy version of the Titan security key it sells for two-factor authentication can be hijacked by nearby attackers, and the company is advising users to get a free replacement device that fixes the vulnerability.

A misconfiguration in the key’s Bluetooth pairing protocols makes it possible for attackers within 30 feet to communicate with either the key or the device it’s paired with, Google Cloud Product Manager Christiaan Brand wrote in a post published on Wednesday.

The Bluetooth-enabled devices are one variety of low-cost security keys that, as Ars reported in 2016, represent the single most effective way to prevent account takeovers for sites that support the protection. In addition to the account password entered by the user, the key provides secondary “cryptographic assertions” that are just about impossible for attackers to guess or phish. Security keys that use USB or Near Field Communication are unaffected.


Bluetooth bugs bite millions of Wi-Fi APs from Cisco, Meraki, and Aruba

November 1st, 2018

Millions of Wi-Fi access points sold by Cisco, Meraki, and Aruba have two critical vulnerabilities being patched that could allow hackers to run malware inside the sensitive networks that use the gear. While the flaws open corporate networks to some scary attacks, the real-world likelihood of them being exploited is debatable.

In a report published Thursday, security firm Armis said two flaws it found in Bluetooth Low Energy chips manufactured by Texas Instruments can be used to hack the APs that embed them. The BLE chips offer a variety of enhancements to traditional Wi-Fi APs. Retailers, for instance, can use them to monitor customer movements inside stores by monitoring the Bluetooth beacons sent by the customers’ phones. Hospitals can use BLE to keep track of Bluetooth-enabled medical equipment. Cisco (which also makes Meraki gear) and Aruba have both issued patches that users of affected gear should install as soon as possible.

Unfortunately, hackers can also make use of the vulnerable BLE chips to take control of the APs. Attackers armed with small Bluetooth-enabled devices need only two minutes to transmit exploits that install malicious firmware on the vulnerable chips. From there, the malware could install AP firmware that monitors communications, infects end users, or spreads to other parts of a corporate network.
