Many other companies are smart enough to avoid using BLE for proximity authentication (since it was designed for data transfer, not authentication), but given that privacy and security is an afterthought for many companies, many still do.Īll told, it’s just another reminder that dumb tech is often… smarter.įiled Under: bluetooth, hackers, internet of things, laptops, smart locks, vulnerabilitiesĮven in the days of non-electronic keys (1980s-’90s), this was known to happen in large parking lots (where car-doppelgangers were likely to be found).
#Panic mode hacked Bluetooth#
“This research circumvents typical countermeasures against remote adversarial vehicle unlocking and changes the way we need to think about the security of Bluetooth Low Energy communications.”ĭevice makers have implemented a bunch of countermeasures to prevent against BLE attacks like these, but Khan found a way to mitigate those attacks. “Hacking into a car from hundreds of miles away tangibly demonstrates how our connected world opens us up to threats from the other side of the country-and sometimes even the other side of the world,” Sultan Qasim Khan, a principal security consultant and researcher at security firm NCC Group, told Ars.
A relaying device can be placed near where the target device is located or will be located (like by your driveway), and the other attacker can be targeting the device from hundreds of yards - or even miles - away: It’s a form of “relay attack” that usually requires two attackers, one near the target, and one near the phone used to unlock the target.īut this class of attack doesn’t even require two people. The attack exploits a weaknesses in the Bluetooth Low Energy (BLE) standard adhered to by thousands of device makers, including “smart” door locks, cars, laptops, and various “internet of things” devices.
0 kommentar(er)
