Últimas notícias

Fique informado

Bluetooth Flaw Could Let Hackers Attack You Wirelessly From 800 Feet Away

14/09/2020

Spotlight

A sanção da Lei 14.063 de 2020, segundo agência Senado.

A nova lei cria dois novos tipos de assinatura eletrônica em comunicações com entes públicos e em questões de saúde: simples e avançada.

25/09/2020

Lei Geral de Proteção de Dados Brasileira – LGPD começa a valer

Começa a valer nesta sexta 18 de setembro de 2020 conforme o texto aprovado pelo Senado .

18/09/2020

Como gerenciar Identidades Digitais em empresas públicas e privadas? Ouça

Sobre como gerenciar eIDs, conversamos com Luís Correia – Business Development da AET EUROPE, empresa global na área de soluções de segurança digital.

02/09/2020

Performance Improvements via Formally-Verified Cryptography in Firefox

Cryptographic primitives, while extremely complex and difficult to implement, audit, and validate, are critical for security on the web.

07/07/2020

Maximum SSL/TLS Certificate Validity is Now One Year. By Patrick Nohe

Starting on September 1st, SSL/TLS certificates cannot be issued for longer than 13 months (397 days). This change was first announced by Apple, at the CA/Browser Forum Spring Face-to-Face event in Bratislava back in March.

01/07/2020

Your laptop, smartphone or tablet’s Bluetooth chip provides an easy way to connect wireless speakers, keyboards and other accessories. It may also be opening you up to a nasty new cyber attack

By Lee Mathews

Lee Mathews – Contributor at Forbes

Two independent teams of researchers, one from Purdue University and another at the École polytechnique fédérale de Lausanne, identified a new flaw that affects Bluetooth 4.0 and Bluetooth 5.0. This new vulnerability has been dubbed BLURtooth.

Both version allow connections from a fair distance away — up to 200 feet for Bluetooth 4.0 and around 800 feet for Bluetooth 5.0. A malicious hacker could potentially attack a vulnerable device from more than two football fields away.

What makes a device vulnerable? It has to support both the Bluetooth Basic Rate/Enhanced Data Rate and Bluetooth Low Energy protocol and protocols. It also has to support Cross-Transport Key Derivation (CTKD) for device pairing.

That covers a broad swath of Bluetooth-enabled devices, from smartphones to fitness trackers to speakers. According to the researchers, any of these devices could be compromised wirelessly by an attacker.

Properly exploited, BLURtooth would allow the attacker to pair his or her own devices without the user’s knowledge. No prompt would ever appear asking the user to confirm the connection or enter a PIN because the attacker is able to either overwrite encryption keys or forced the connection to use weaker encryption.

Once connected, the attacker could “gain additional access to profiles or services that are not otherwise restricted.” These ‘man-in-the-middle’ attacks could allow a hacker to do things like steal keystrokes or eavesdrop on audio.

The research team has disclosed the BLURtooth vulnerability to Bluetooth SIG, which in turn began notifying hardware vendors. The researchers note that the SIG has provided guidance on how the threat can be mitigated — including only allowing pairing operations when a user manually enables pairing mode.

Many devices will require either software or firmware updates. While assurances have been made that those patches will be delivered, there’s really no way to know how long it will take at this point.

It’s an incredibly complicated proposal given the wide variety of devices impacted. Fortunately, there are certain ones that can be protected right now.

The newer Bluetooth 5.1 standard already supports features that should be able to prevent a BLUR attack. Manufacturers of devices utilizing Bluetooth 5.1 may be able to deliver patches much more rapidly.

Source: Forbes

North Korea-Linked Hackers Are Now Spreading Their Own Ransomware

The Future of Privacy – Why Using and Protecting Personal Data Is a Vital Business Imperative

Safe handling of digital identities: 5 key questions.

Content Syndication

Content Syndication – the content distribution is a method of republishing content developed by your company on other websites to reach a wider audience and bring new visitors to your site. Contact us about Content Syndication, contato@cryptoid.com.br | +55 11 3881 0019.

Surprise yourself with the quality of our audience! Media Kit.