bluetooth – SSL and internet security news

Tracking People via Bluetooth on Their Phones

June 17, 2022 infossl

academic papers, bluetooth, identification, privacy, Security technology, stalking, tracking, Uncategorized

We’ve always known that phones—and the people carrying them—can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that that’s not enough. Computer scientists at the University of California San Diego proved in a study published May 24 that minute imperfections in phones caused … Read More “Tracking People via Bluetooth on Their Phones” »

Bluetooth Flaw Allows Remote Unlocking of Digital Locks

May 20, 2022 infossl

bluetooth, cars, hacking, locks, Security technology, Uncategorized

Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device attached to a laptop which … Read More “Bluetooth Flaw Allows Remote Unlocking of Digital Locks” »

iPhone Malware that Operates Even When the Phone Is Turned Off

May 18, 2022 infossl

bluetooth, iphone, malware, Security technology, Uncategorized

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. t turns out that the iPhone’s Bluetooth chip — which is key to making features like Find My work — has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt … Read More “iPhone Malware that Operates Even When the Phone Is Turned Off” »

Cheating on Tests

October 4, 2021 infossl

bluetooth, cheating, india, schools, Security technology, Uncategorized

Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test. What’s interesting is how this cheating was discovered. It’s not that someone noticed the communication devices. It’s that the proctors noticed that cheating test takers were acting hinky. Powered by WPeMatico

Tracking People by their MAC Addresses

September 6, 2021 infossl

bluetooth, Security technology, tracking, Uncategorized, vulnerabilities

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that product vendors are fixing this: Several of the headphones which could be tracked over time are for sale in electronics stores, but according to two of the manufacturers NRK … Read More “Tracking People by their MAC Addresses” »

Security Analysis of Apple’s “Find My…” Protocol

March 15, 2021 infossl

academic papers, apple, bluetooth, crowdsourcing, de-anonymization, privacy, reverse engineering, security analysis, Security technology, tracking, Uncategorized

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System“: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an … Read More “Security Analysis of Apple’s “Find My…” Protocol” »

Bluetooth Vulnerability: BIAS

May 26, 2020 infossl

authentication, bluetooth, impersonation, Security technology, securityengineering, vulnerabilities, wireless

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a … Read More “Bluetooth Vulnerability: BIAS” »

Me on COVID-19 Contact Tracing Apps

May 1, 2020 infossl

baserate, bluetooth, covid19, falsenegatives, falsepositives, gps, identification, medicine, privacy, Security technology, surveillance, tracing

I was quoted in BuzzFeed: “My problem with contact tracing apps is that they have absolutely no value,” Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. “I’m not even talking about the privacy concerns, I mean the efficacy. Does anybody think … Read More “Me on COVID-19 Contact Tracing Apps” »

Major Bluetooth Vulnerability

July 25, 2018 infossl

academicpapers, bluetooth, cryptography, encryption, keys, Security technology, vulnerabilities, wifi, wireless

Bluetooth has a serious security vulnerability: In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all … Read More “Major Bluetooth Vulnerability” »

Ridiculously Insecure Smart Lock

June 18, 2018 infossl

bluetooth, locks, physicalsecurity, Security technology

Tapplock sells an “unbreakable” Internet-connected lock that you can open with your fingerprint. It turns out that: The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. Any Tapplock account an unlock every lock. You can open the lock with a screwdriver. Regarding the third flaw, … Read More “Ridiculously Insecure Smart Lock” »