登录查看更多内容

BLE Proximity Authentication Vulnerable to Relay Attacks

Cyber Castrum LLP

Strong|Safe|Secure

发布日期: 2022年5月23日

The possibility of relay attacks against BLE proximity authentication has been known for years, but existing public relay attack tooling (based on forwarding GATT requests and responses) introduces detectable levels of latency and is incapable of relaying connections employing link layer encryption. Thus, products commonly attempt to prevent relay attacks by imposing strict GATT response time limits and/or using link layer encryption.

Impact

If an attacker can place a relaying device within signal range of a target BLE device (Victim Device A) trusted for proximity authentication by another device (Victim Device B), then they can conduct a relay attack to unlock and operate Victim Device B.

For Further Reference:

要查看或添加评论，请登录

Cyber Castrum LLP的更多文章

2025年3月12日

Apple patches zero-day bugs used in targeted iPhone attacks

Apple has rolled out emergency patches for a vulnerability in WebKit, the open-source web browser engine primarily used…
2025年2月15日

Unusual attack linked to Chinese APT group combines espionage and ransomware

Researchers have observed a ransomware actor deploying a variant of the PlugX cyberespionage toolset, traditionally…
2024年11月12日

Understanding AI Systems in Cybersecurity Decision-Making

AI in cybersecurity is widely discussed for its ability to enhance and automate traditional security tasks, like…
2024年10月14日

Defending Against Hybrid Password Attacks: A Comprehensive Guide

In the ever-evolving landscape of cybersecurity, threat actors continuously adapt their methods to bypass protective…
2024年10月3日

Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now

A new vulnerability in the LiteSpeed Cache plugin for WordPress has been identified that could allow unauthenticated…
2024年9月13日

The Most Notorious Data Breaches of the 21st Century

In today's world, where data is integral to our daily lives, data breaches are more frequent and devastating than ever…
2024年7月17日

Malicious npm Packages Discovered Concealing Backdoor Code in Image Files

Cybersecurity researchers have discovered two malicious packages on the npm package registry that contained backdoor…
2024年6月14日

11 times the US government got hacked in 2023

In fiscal year 2023, US government agencies reported 11 major information security incidents to the Office of…
2024年6月10日

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Details have emerged about a new critical security flaw in PHP that can be exploited to achieve remote code execution…
2024年5月27日

Kroll cyber threat landscape report: AI assists attackers

AI is simplifying various tasks, but not always for the better—cybercriminals, too, are leveraging it. According to…

See all articles

社区洞察

Encryption

How do you measure the bias and the probability of linear and differential characteristics for a cipher?
Creativity Skills

What are the best ways to protect your creative and innovative outputs?
Journalism

What are the best ways to protect your sources from digital surveillance?

其他会员也浏览了

Dear attacker—insider or outsider—your lateral movement stops here! Analogy to understand VPN vs. ZTNA: Castle Gate vs. Royal Escort

Naga Mohan Gollangi ISO ISMS BCMS 2 个月
Video: User and Entity Behavior Analysis (Core Identity and Access Management Part 5 of 8)

Kayne McGladrey 6 年
Penetration Testing in PwnLab (CTF Challenge)

Rajpal Singh 8 年
"Industrial Demilitarized Zone (IDMZ)"

Kamal Singh 3 年
D-Dangerous Denial Attacks

Hitesh Thakkar 11 个月
Hack the Fristileaks VM (CTF Challenge)

Yashika Dhir 8 年
nzyme - WiFi Defense System

nilesh dalavi 3 年
Active Directory Kill Chain Attack & Defense

nilesh dalavi 3 年
How to protect your webcam from spies

Andrew Atthowe 3 年
How to find IP or Host sharing same domain?

Gopi Narayanaswamy 2 年

Cyber Castrum LLP的更多文章

Apple patches zero-day bugs used in targeted iPhone attacks

Unusual attack linked to Chinese APT group combines espionage and ransomware

Understanding AI Systems in Cybersecurity Decision-Making

Defending Against Hybrid Password Attacks: A Comprehensive Guide

Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now

The Most Notorious Data Breaches of the 21st Century

Malicious npm Packages Discovered Concealing Backdoor Code in Image Files

11 times the US government got hacked in 2023

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Kroll cyber threat landscape report: AI assists attackers

社区洞察

其他会员也浏览了

Dear attacker—insider or outsider—your lateral movement stops here! Analogy to understand VPN vs. ZTNA: Castle Gate vs. Royal Escort

Video: User and Entity Behavior Analysis (Core Identity and Access Management Part 5 of 8)

Penetration Testing in PwnLab (CTF Challenge)

"Industrial Demilitarized Zone (IDMZ)"

D-Dangerous Denial Attacks

Hack the Fristileaks VM (CTF Challenge)

nzyme - WiFi Defense System

Active Directory Kill Chain Attack & Defense

How to protect your webcam from spies

How to find IP or Host sharing same domain?