КЛК 'Владминес'

Объявления => Прошедшие выставки => Тема начата: upamfva от 26 Сентябрь 2022, 04:11:11

Название: New Bluetooth Bug Could Let Hackers Remotely Unlock Smart Locks
Отправлено: upamfva от 26 Сентябрь 2022, 04:11:11
New Bluetooth Bug Could Let Hackers Remotely Unlock Smart Locks

A vulnerability in the Bluetooth technology can be exploited to remotely unlock tens of millions of digital locks worldwide, including those on Tesla cars.To get more news about high security lock manufacturer (https://securamsys.com/), you can visit securamsys.com official website.

Sultan Qasim Khan, a researcher at the NCC Group successfully exploited the flaw to open and drive a Tesla Model 3 and Y model using a device attached to a laptop.
The relay device managed to bridge a large gap between the Tesla and the owner’s phone, making it possible for Khan to drive the car.

If any product is dependent on a trusted Bluetooth connection, then the product is vulnerable to intrusion, even if the attacker is from another continent.
Despite this vulnerability being of concern, it is primarily due to how inexpensive off-the-shelf hardware can easily be used to defeat proximity authentication mechanisms in Bluetooth devices.

It’s so easy to do so that one does not have to understand coding to be able to exploit it. Instead, a Bluetooth developer board is needed to do so, as well as ready-made programs.The same applies to all laptops, smartphones, as well as tablets that have Bluetooth proximity, and unlock features enabled. If you have upgraded your traditional lock to a smart lock, you may also be at risk for theft.

BLE-based authentication was not originally designed to be used in locking mechanisms, so this vulnerability was not like a typical bug that could be fixed by a software patch.

No claims are made regarding the resistance of Bluetooth to relay attacks in the Bluetooth Core Specification. In addition, Section 6 of the Proximity Profile expressly mentions that it is possible to launch a relay attack when using the profile (v1.0.1, updated in 2015).Developers should be encouraged to either implement a user-interaction-based security solution or use technology like UWB time-of-flight technology to secure the Bluetooth devices.

It is recommended that users should be educated about the risks associated with relay attacks for existing systems where hardware modification is not possible.

Moreover, it is also a smart idea to allow users to disable the inferred proximity-based passive entry feature.