Nemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · edit-22 days agoUndocumented backdoor found in Bluetooth chip used by a billion deviceswww.bleepingcomputer.comexternal-linkmessage-square32fedilinkarrow-up11arrow-down10cross-posted to: technology@lemmit.onlineprivacyguides@lemmy.onetechnology@beehaw.orgcybersecurity@infosec.pub
arrow-up11arrow-down1external-linkUndocumented backdoor found in Bluetooth chip used by a billion deviceswww.bleepingcomputer.comNemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · edit-22 days agomessage-square32fedilinkcross-posted to: technology@lemmit.onlineprivacyguides@lemmy.onetechnology@beehaw.orgcybersecurity@infosec.pub
minus-squareFermiverse@gehirneimer.delinkfedilinkarrow-up0·2 days agoThis is really bad as most cheap IOT devices using this chip will not receive an update all. Would like to see a smartphone app testing this out via bluetooth so we could do some damage control at least and take them offline.
minus-squareJustinTheGM@ttrpg.networklinkfedilinkEnglisharrow-up0·2 days agoThe ‘S’ in IOT stands for Secure
minus-squarepimento64@sopuli.xyzlinkfedilinkEnglisharrow-up0·2 days ago Have IOT device It’s not secure How could this have happened???
minus-squareSanctimoniousApe@lemmings.worldlinkfedilinkEnglisharrow-up0·2 days agoAm I misunderstanding the article? It seemed to imply remote intrusion required either Bluetooth proximity, or physical USB access.
minus-squareThe_Decryptor@aussie.zonelinkfedilinkEnglisharrow-up0·2 days agoThe “attack” is from the host side, any remote attack is theoretical and would depend on exploiting the software on the host first to then gain access to the BT chip.
minus-squareFermiverse@gehirneimer.delinkfedilinkarrow-up0·2 days agoCorrect, but as bluetooth is possible over a certain range, “drive by attacks” might be possible.
This is really bad as most cheap IOT devices using this chip will not receive an update all.
Would like to see a smartphone app testing this out via bluetooth so we could do some damage control at least and take them offline.
The ‘S’ in IOT stands for Secure
How could this have happened???
Am I misunderstanding the article? It seemed to imply remote intrusion required either Bluetooth proximity, or physical USB access.
The “attack” is from the host side, any remote attack is theoretical and would depend on exploiting the software on the host first to then gain access to the BT chip.
Correct, but as bluetooth is possible over a certain range, “drive by attacks” might be possible.