By Eduard Kovacs on May 25, 2021
Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.
The flaws, discovered by researchers at France’s national cybersecurity agency ANSSI, affect devices that support the Bluetooth Core and Mesh specifications, which define technical and policy requirements for devices operating over Bluetooth connections.
Malicious actors who are within Bluetooth range can exploit the weaknesses to impersonate legitimate devices, according to an advisory published on Monday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.
Advisories for each flaw have also been published by the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards.
What you need to know
Huawei will be launching HarmonyOS on June 2nd.
The company did not say if it would be launching a HarmonyOS smartphone at that time, though reports indicate that there would be a Huawei P50 launch at the same time.
Huawei has been moving away from Android as its primary operating system ever since the U.S. restricted it from working with U.S. tech companies.
Huawei is finally launching HarmonyOS on June 2nd, as per a video shared on its Weibo account and reported by the
South China Morning Post. This is the latest move that Huawei would be making in response to the tradesanctions that severed its smartphone business from both Google and Qualcomm, effectively neutering it.
The two specifications define the technical and policy requirements for devices that want to operate over Bluetooth connections.
The Bluetooth Impersonation Attacks, or BIAS, allow attackers to impersonate a device and to establish a secure connection with a victim without possessing the long-term key shared by the impersonated device and the victim. This bypasses Bluetooth s authentication mechanism. The BIAS attacks are the first uncovering issues related to Bluetooth s secure connection establishment authentication procedures, adversarial role switches, and Secure Connections downgrades, the researchers said. Our attacks are stealthy because the Bluetooth standard does not require to notify end users about the outcome of an authentication procedure, or the lack of mutual authentication.
Let us Play: Smartphone brand Honor lets slip it has gained access to Google Mobile Services licences theregister.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from theregister.com Daily Mail and Mail on Sunday newspapers.