Nemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · edit-22 days agoUndocumented backdoor found in Bluetooth chip used by a billion deviceswww.bleepingcomputer.comexternal-linkmessage-square32fedilinkarrow-up1185arrow-down12cross-posted to: technology@lemmy.worldprivacyguides@lemmy.onehomeassistant@lemmy.worldcybersecurity@infosec.pubhackernews@lemmy.bestiver.se
arrow-up1183arrow-down1external-linkUndocumented backdoor found in Bluetooth chip used by a billion deviceswww.bleepingcomputer.comNemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · edit-22 days agomessage-square32fedilinkcross-posted to: technology@lemmy.worldprivacyguides@lemmy.onehomeassistant@lemmy.worldcybersecurity@infosec.pubhackernews@lemmy.bestiver.se
minus-squareFermiverse@gehirneimer.delinkfedilinkarrow-up41·2 days agoThis is really bad as most cheap IOT devices using this chip will not receive an update all. Would like to see a smartphone app testing this out via bluetooth so we could do some damage control at least and take them offline.
minus-squareJustinTheGM@ttrpg.networklinkfedilinkEnglisharrow-up10arrow-down1·1 day agoThe ‘S’ in IOT stands for Secure
minus-squarepimento64@sopuli.xyzlinkfedilinkEnglisharrow-up2·1 day ago Have IOT device It’s not secure How could this have happened???
minus-squareSanctimoniousApe@lemmings.worldlinkfedilinkEnglisharrow-up4·2 days agoAm I misunderstanding the article? It seemed to imply remote intrusion required either Bluetooth proximity, or physical USB access.
minus-squareFermiverse@gehirneimer.delinkfedilinkarrow-up13·2 days agoCorrect, but as bluetooth is possible over a certain range, “drive by attacks” might be possible.
minus-squareThe_Decryptor@aussie.zonelinkfedilinkEnglisharrow-up2·1 day agoThe “attack” is from the host side, any remote attack is theoretical and would depend on exploiting the software on the host first to then gain access to the BT chip.
This is really bad as most cheap IOT devices using this chip will not receive an update all.
Would like to see a smartphone app testing this out via bluetooth so we could do some damage control at least and take them offline.
The ‘S’ in IOT stands for Secure
How could this have happened???
Am I misunderstanding the article? It seemed to imply remote intrusion required either Bluetooth proximity, or physical USB access.
Correct, but as bluetooth is possible over a certain range, “drive by attacks” might be possible.
The “attack” is from the host side, any remote attack is theoretical and would depend on exploiting the software on the host first to then gain access to the BT chip.