Tuesday, June 6, 2023

Galician company Tarlogic found a security flaw in Bluetooth technology

The company, based a few kilometers from Santiago de Compostela, has identified a security flaw in a technology used by billions of people around the world. Tarlogic, one of the Spanish leaders in cyber security, presented at the computer security event RootedCON 2023 the results of research that demonstrates a critical vulnerability in Bluetooth technology.

This vulnerability, which the company itself named “BlueTrust”, could be used to trace the connections between Bluetooth devices and the networks they form. Exploiting this weakness could allow calls to be listened to, messages to be intercepted, confidential information to be accessed, or even cyberattacks to be launched.

Spying on phones, computers, televisions and even cars

Bluetooth technology originated about 20 years ago, initially as a way to connect mainly to mobile phones, but over the years it has come to be used by all kinds of devices. Bluetooth is used by mice, TVs, car consoles, cars and security locks, as well as, of course, personal computers and even household appliances. This vulnerability makes it possible to learn that one device has a Bluetooth link with another, and Tarlogic researchers used it to impersonate a Bluetooth device to other devices with which it has a “trusted relationship” (known in Bluetooth terminology as bonding).

According to Tarlogic, if this vulnerability were exploited, bad actors could carry out the following actions:

  • Identify a person related to the device, for example, the owner of a certain vehicle.
  • Identify a private place belonging to a person, for example, a home.
  • Extract information about the habits of physical users.

In this way, according to Tarlogic, the attackers “were able to accumulate a large amount of information about their victims: their name, home or work email, phone number, their license plate… Personal information that they could use to commit fraud and extortion.”

BlueTrust as a gateway to cyberattacks

According to Tarlogic, BlueTrust makes the following types of cyberattack possible:

  • Denial of service through malicious impersonation. The target device could be forced to restart the existing connection, triggering a new pairing process with the device and leaving the real device out of service.
  • Capture of the key exchange. This attack is similar to the previous one; however, in this case the reconnection between the devices is artificially forced in order to capture the key exchange process. With this information, other attacks can be launched, such as forcing a legacy connection via a PIN, or extracting a long-term key to impersonate the device at any time.
  • Man-in-the-middle attacks. Through this type of attack, communications can be intercepted and altered in real time. Thus, criminals could intercept passwords, listen to conversations and access confidential user information, such as passwords or banking information.