Skip to main content

Btlejacking Attack Could Allow a Hacker to Jam and Takeover the Bluetooth Connection
The Btlejacking Attack allows taking control over any Bluetooth Low Energy device, the attack abuses supervision timeout between two connected devices. The supervision timeout defines the time after which the connection is if no valid packets have been received.
Security researcher Damien Cauquil reveal the attack on Aug. 11 Defcon hacker conference and also he published as open-source tool BtleJack that enables you to sniff, jam and hijack Bluetooth Low Energy devices.
Damien Cauquil@virtualabs
Want to discover some BLE voodoo tool and a new vuln impacting all versions (4.x and 5) ? I'll give all the details and demo this in Track 2 at 1200 :) #DEFCON26
34
9:13 PM - Aug 11, 2018
Twitter Ads info and privacy
16 people are talking about this
Twitter Ads info and privacy

The Bluetooth jamming vulnerability can be tracked as CVE-2018-7252 and it affects the Bluetooth Low Energy(BLE) versions 4.0, 4.1, 4.2 and 5. In order to exploit the vulnerability, the attacker should be struck within 5 meters.

BtleJack Tool take-over Btlejacking

BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks but also implements a brand new attack dubbed “BtleJacking” Damien said.
Btlejacking
The BtleJack Tool is capable of sniffing, jamming and hijacking Bluetooth Low Energy devices. All you need is to have a Micro: BIT embedded device worth $15 that created by BBC.

Btlejack Tool Usage

  • Sniff an existing BLE connection.
  • Sniff new BLE connections.
  • Jam an existing BLE connection.
  • Hijack an existing BLE connection (btlejacking).
  • Export captured packets to various PCAP formats.
Btlejacking attack poses a serious risk such as Unauthorized access to the device, Bypass authentication and Keep the device internal state intact which may lead to the data leak.
Starting from Bluetooth v4.2 BLE connections are secure it uses Elliptic Curve Diffie Hellman (ECDH) for key generation. “BLE hijacking is real and should be considered in your threat model,” Damien said.
“To avoid Btlejacking attacks BLE Secure Connections can include code injection protection with authentication code added to all packets that avoid Btlejacking attacks,” Damien said.

Also Read


Comments

Post a Comment

Popular posts from this blog

Information Security Analyst Interview Questions

Top 12 Information Security Analyst Interview Questions & Answers 1) Explain what is the role of information security analyst? From small to large companies role of information security analyst includes Implementing security measures to protect computer systems, data and networks Keep himself up-to-date with on the latest intelligence which includes hackers techniques as well Preventing data loss and service interruptions Testing of data processing system and performing risk assessments Installing various security software like firewalls, data encryption and other security measures Recommending security enhancements and purchases Planning, testing and implementing network disaster plans Staff training on information and network security procedures 2) Mention what is data leakage? What are the factors that can cause data leakage? The separation or departing of IP from its intended place of storage is known as data leakage.  The factors that are respons...
Post a Comment
Read more

EaseUS Data Recovery Wizard Review

Take a look at a modern, digital camera today, and you’ll probably find it uses an SD card in order to save information. These small, convenient little disks can carry a lot of information on them, and can easily transfer your information from camera to computer.   Unfortunately, SD cards also come with a drawback. They are small, fragile, and easily damaged. Forget the SD card in your pocket until you discover it in the washer, or scratch it up taking it in and out of the camera, and you may end up being unable to access your data. Sometimes this is not a big deal, and you simply go and get another SD card. At other times, the loss of the priceless pictures or other information on that card is enough to leave you scrambling to look up SD card recovery on Google. If you looked, you might have a bit of sticker shock. SD card recovery can cost as much as $3,000 to get your lost data back, depending on how many GB of data were stored. Even cheap options can run you $400, f...
Post a Comment
Read more

Tr0ll 1.0 – Vulnhub CTF Challenge Walkthrough

  Tr0ll 1.0 is an intentionally vulnerable machine, which is more of a   CTF  like type than real world scenario. Nevertheless, this machine has its own difficulties and you can learn some new stuff from it. So, let’s start. Enumeration Phase Let’s first run  netdiscover  to find the IP of our machine. netdiscover -r 192.168.1.1/24 After that, we run our typical  nmap  scan to see the open ports in the machine. nmap -A -sS -Pn -vv [target] Great we see many interesting stuff here. First of all, there is an open  FTP  port and we can connect to it with  anonymous access .  Also there is an open  http  port, we will run a nikto scan for it. The  ssh  port will be valuable later. From the nikto scan we got an interesting  /secret/  folder. When we get inside, we can understand why the machine got this name. Nothing interesting here, as you can see. we got trolled Let’s connect ...
Post a Comment
Read more