Skip to main content

Btlejacking Attack Could Allow a Hacker to Jam and Takeover the Bluetooth Connection
The Btlejacking Attack allows taking control over any Bluetooth Low Energy device, the attack abuses supervision timeout between two connected devices. The supervision timeout defines the time after which the connection is if no valid packets have been received.
Security researcher Damien Cauquil reveal the attack on Aug. 11 Defcon hacker conference and also he published as open-source tool BtleJack that enables you to sniff, jam and hijack Bluetooth Low Energy devices.
Damien Cauquil@virtualabs
Want to discover some BLE voodoo tool and a new vuln impacting all versions (4.x and 5) ? I'll give all the details and demo this in Track 2 at 1200 :) #DEFCON26
34
9:13 PM - Aug 11, 2018
Twitter Ads info and privacy
16 people are talking about this
Twitter Ads info and privacy

The Bluetooth jamming vulnerability can be tracked as CVE-2018-7252 and it affects the Bluetooth Low Energy(BLE) versions 4.0, 4.1, 4.2 and 5. In order to exploit the vulnerability, the attacker should be struck within 5 meters.

BtleJack Tool take-over Btlejacking

BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks but also implements a brand new attack dubbed “BtleJacking” Damien said.
Btlejacking
The BtleJack Tool is capable of sniffing, jamming and hijacking Bluetooth Low Energy devices. All you need is to have a Micro: BIT embedded device worth $15 that created by BBC.

Btlejack Tool Usage

  • Sniff an existing BLE connection.
  • Sniff new BLE connections.
  • Jam an existing BLE connection.
  • Hijack an existing BLE connection (btlejacking).
  • Export captured packets to various PCAP formats.
Btlejacking attack poses a serious risk such as Unauthorized access to the device, Bypass authentication and Keep the device internal state intact which may lead to the data leak.
Starting from Bluetooth v4.2 BLE connections are secure it uses Elliptic Curve Diffie Hellman (ECDH) for key generation. “BLE hijacking is real and should be considered in your threat model,” Damien said.
“To avoid Btlejacking attacks BLE Secure Connections can include code injection protection with authentication code added to all packets that avoid Btlejacking attacks,” Damien said.

Also Read


Comments

Post a Comment

Popular posts from this blog

Phishing Campaigns Targeting Google and Yahoo Accounts To Bypassing Two-Factor Authentication Several phishing campaigns targeting hundreds of individuals across the Middle East and North Africa. The attacker targers HRDs, journalists, political actors. Amnesty International published a report on multiple campaigns that traget self-described “secure email” services, such as Tutanota and ProtonMail and another campaign that aimed in bypassing two-factor authentication. Crafted Phishing Sites – Secure Email Providers The phishing campaign primarily targeted popular secure email service providers such as Tutanota and ProtonMail. Threat actors used a well-crafted phishing page – by obtaining the domain tutanota[.]org, whereas the original domain of the service provider is tutanota[.]com. A phishing attack is one of the dangerous social engineering attacks that leads to capture a victim’s username and password that will get store it to an attacker machine and reuse it l...
Post a Comment
Read more

software development services in noida

Red Securium Company Provide Software Development  Service In Noida Combining technological competency with domain expertise, Red Securium offers full spectrum of custom software design, development and deployment services for enterprises and SMEs to achieve exceptional business results.            Leveraging on its cross-functional width of expertise in application software development , Red Securium has developed the capabilities to build and run resilient applications at scale that seamlessly infuse your innovative ideas. Whether you are in need of the rapid development of a crucial business application or require the deployment and support for an entire suite of applications, we offer full software lifecycle coverage services. We adopt best practices and put highest levels of expertise to drive your technological assets deliver you business excellence and improved ROI. Custom Software Development Services in Noida Enterpri...
Post a Comment
Read more

Tr0ll 1.0 – Vulnhub CTF Challenge Walkthrough

  Tr0ll 1.0 is an intentionally vulnerable machine, which is more of a   CTF  like type than real world scenario. Nevertheless, this machine has its own difficulties and you can learn some new stuff from it. So, let’s start. Enumeration Phase Let’s first run  netdiscover  to find the IP of our machine. netdiscover -r 192.168.1.1/24 After that, we run our typical  nmap  scan to see the open ports in the machine. nmap -A -sS -Pn -vv [target] Great we see many interesting stuff here. First of all, there is an open  FTP  port and we can connect to it with  anonymous access .  Also there is an open  http  port, we will run a nikto scan for it. The  ssh  port will be valuable later. From the nikto scan we got an interesting  /secret/  folder. When we get inside, we can understand why the machine got this name. Nothing interesting here, as you can see. we got trolled Let’s connect ...
Post a Comment
Read more