Cybersecurity News

1326 readers

7 users here now

Welcome to Cybersecurity News!

A community that collect news and other tidbits related to cybersecurity in all its domains.

There are no hard and fast rules regarding what to post here-- we are fine with both pop news articles and more technical pieces regarding cybersecurity.

We use a bot called flynnbot to repost some rss feed content but the majority of posts are human-curated.

New to Cybersecurity?

Here are some resources to get you started:

Related Communities

!security_cpe@infosec.pub
!cybersecurity@zerobytes.monster
!packetstorm@zerobytes.monster
!security@programming.dev
!secops@lemmy.world
!cybersecurity@sh.itjust.works
!netsec@zerobytes.monster
!securitynews@infosec.pub
!cloudsecurity@infosec.pub
!netsec@links.hackliberty.org
!cybersecurity@infosec.pub
!cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

videodrome@lemmy.capebreton.social

flynnbot@lemmy.capebreton.social

Bluetooth security flaws reveals all devices launched after 2014 can be hacked (lemmy.world)

submitted 2 years ago* (last edited 1 year ago) by bless@lemmy.world to c/cybersecurity@lemmy.capebreton.social

12 comments fedilink hide all child comments

Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.
The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.
Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

all 15 comments

sorted by: hot top controversial new old

[–] prowess2956@kbin.social 19 points 1 year ago (1 children)

Thanks for sharing this. Just a small clarification: it affects Bluetooth 4.2 through 5.4.

[–] bless@lemmy.world 5 points 1 year ago

Thanks for catching that, updated

[–] chuckleslord@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

[+] Sheeple@lemmy.world -3 points 2 years ago* (last edited 2 years ago) (7 children)

[deleted]

[–] bless@lemmy.world 9 points 2 years ago

Haha I like the spirit but that's not really a fix that's just avoidance.

[–] DogMuffins@discuss.tchncs.de 8 points 1 year ago

Sure mate, do you ever take your car out of the garage or do you just leave it there in case it breaks down on the way to the shops?

I use Bluetooth devices with my phone all day every day. Car, headphones, watch, laptop, speakers. It's fine if you don't, but surely you can recognise that leaving bluetooth on for most people is about functionality rather than mere laziness.

That said, I'm not at all surprised that a vulnerability exists. Consumer tech just isn't built to be resilient in that way.

[–] squiblet@kbin.social 3 points 1 year ago

That would be nice. Personally I have two medical devices that have to be constantly connected to my phone via Bluetooth.

[–] TimLovesTech@badatbeing.social 1 points 1 year ago

That in theory works, if you don't have to listen to music, use a smartwatch, own a wireless keyboard/mouse/headphones, etc. It's in everything, and somethings lose all functionality w/out it.

[–] Squeak@lemmy.world 1 points 1 year ago

That’s like Steve jobs saying ‘you’re holding it wrong’ about the iPhone 4…

[–] ramble81@lemm.ee 0 points 1 year ago

Sure, but I’d like to listen to music… no wait, there’s no longer a 3.5mm jack. Okay, I want to get some information or a call in my car… no wait, there are hands free laws where I can’t hold my phone. Okay, let me check my watch for notifications…. no wait, it can’t connect to my phone now.