Buzz

Billions of Devices Vulnerable To New ‘BLESA’ Bluetooth Spoofing Attack

An anonymous reader writes: “Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer,” reports ZDNet. Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol, and affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing. A successful BLESA attack allows bad actors to connect with a device (by getting around reconnection authentication requirements) and send spoofed data to it. In the case of IoT devices, those malicious packets can convince machines to carry out different or new behavior. For humans, attackers could feed a device deceptive information. BLESA impacts billions of devices that run vulnerable BLE software stacks. Vulnerable are BLE software libraries like BlueZ (Linux-based IoT devices), Fluoride (Android), and the iOS BLE stack. Windows’ BLE stack is not impacted.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × 3 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.