Cloud Security Tip: KNOB Attack
Bluetooth is a convenient and easy method of sharing data between devices, which, of course, qualifies it as a prime target for exploitation. A trio of researchers has discovered a vulnerability that has the potential of attacking billions of Bluetooth-enabled devices, including phones, laptops, IoT and IIoT technologies.
In short, this Key Negotiation of Bluetooth vulnerability, which has been given the acronym KNOB, exploits the pairing encryption protocol within the Bluetooth Classic wireless technology standard, which supports encryption keys with entropy between 1 and 16 bytes/octets. It inserts between the pairing devices forcing both to agree to encryption with 1 byte or 8 bits of entropy, after which it simply brute-forces the encryption keys.
This is not an easy hack, and relies a lot on time and place, and it does not affect all Bluetooth devices. However, when successful, it can steal data and inject ciphertext. More information is available at knobattack.com.
This tip originally appeared on David Spark's CISO/Security Vendor Relationship Podcast: https://cisoseries.com/rest-assured-were-confident-our-security-sucks/
Видео Cloud Security Tip: KNOB Attack канала OpenVPN
In short, this Key Negotiation of Bluetooth vulnerability, which has been given the acronym KNOB, exploits the pairing encryption protocol within the Bluetooth Classic wireless technology standard, which supports encryption keys with entropy between 1 and 16 bytes/octets. It inserts between the pairing devices forcing both to agree to encryption with 1 byte or 8 bits of entropy, after which it simply brute-forces the encryption keys.
This is not an easy hack, and relies a lot on time and place, and it does not affect all Bluetooth devices. However, when successful, it can steal data and inject ciphertext. More information is available at knobattack.com.
This tip originally appeared on David Spark's CISO/Security Vendor Relationship Podcast: https://cisoseries.com/rest-assured-were-confident-our-security-sucks/
Видео Cloud Security Tip: KNOB Attack канала OpenVPN
Комментарии отсутствуют
Информация о видео
27 ноября 2019 г. 0:55:43
00:01:02
Другие видео канала
How to Install Access Server on Google Cloud Platform (GCP)
Cloud Security Tip: Problems with Pen Testing
Connecting to a Windows Server 2016 Network
Introduction to Source Network Address Translation SNAT
Webinar - Maximizing CloudConnexa for Personal Use
Introduction to CloudConnexa Cyber Shield - Domain Filtering
Columbia Lloyds Insurance Co – Sam Bana shares how and why they use OpenVPN Cloud
OpenVPN Cloud: Full Mesh Topology
Proconex | Teague Chambers on why he trusts OpenVPN Access Server
Access Server Overview Video
OpenVPN Cyber Shield Traffic Filtering Monitoring
Webinar : Setting Up Access Server - The Cake is Not a Lie
#RemoteWorkChronicles: A Sudden Shift in Location
Using Multiple Connectors to Increase Reliability of Remote Access
The History Behind Developing the First VPN Client App for Apple iOS
CloudConnexa (formerly OpenVPN Cloud) for DNS Security
How to Configure SAML with Okta on CloudConnexa
Sirius Computer Solutions | Marvin Parkinson shares how and why they use OpenVPN Access Server
How to Install Access Server on Azure
OpenVPN Access Server Access Control