Bluetooth Low Energy vulnerability. US warns against DPRK IT professionals looking for jobs overseas.
At a glance.
- Bluetooth Low Energy vulnerability.
- US warns against DPRK IT professionals looking for jobs overseas.
Bluetooth Low Energy vulnerability.
NCC Group researchers have discovered a link layer vulnerability in Bluetooth Low Energy (BLE) systems that affects “millions of vehicles, residential smart locks, commercial building access control systems, smartphones, smartwatches, laptops and more”.
NCC Group said in a press release: “[W]e demonstrate, as a proof-of-concept, that a link-layer relay attack conclusively defeats existing BLE-based proximity authentication applications and proves that very popular products currently use non-compliant BLE proximity authentication. secure in critical applications. By transmitting baseband data at the link layer, the hack bypasses known protections against relay attacks, including encrypted BLE communications, because it bypasses the upper layers of the Bluetooth stack and the need to decipher.”
The vulnerability is inherent in the technology and cannot be patched, but the researchers offer the following mitigations:
- “Manufacturers can reduce risk by disabling proximity key functionality when the user’s phone or key fob has been stationary for a certain period of time (according to accelerometer)”
- “System manufacturers should give customers the option of providing a second factor of authentication or user attestation (e.g. pressing an unlock button in an app on the phone)”
- “Users of affected products should disable Passive Unlock functionality which does not require explicit user approval, or disable Bluetooth on mobile devices when not required”
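The first two mitigations can be combined into a single gating policy on the phone or key fob. The following C is an added example, not code from NCC Group or any vendor; the thresholds, type names and sample accelerometer traces are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed tuning values; the researchers' advice gives no numbers. */
#define STATIONARY_AFTER_MS 60000u /* no motion for 60 s: stop passive unlock */
#define MOTION_DELTA_G      0.05f  /* per-axis change that counts as movement */

typedef struct { uint32_t t_ms; float x, y, z; } accel_sample; /* axes in g */
typedef enum { UNLOCK_ALLOW, UNLOCK_REQUIRE_CONFIRM, UNLOCK_DENY } unlock_decision;

static float absf(float v) { return v < 0 ? -v : v; }

/* Scan time-ordered samples and report when the device last moved. */
static bool last_motion(const accel_sample *s, size_t n, uint32_t *t_ms)
{
    bool moved = false;
    for (size_t i = 1; i < n; i++) {
        if (absf(s[i].x - s[i - 1].x) > MOTION_DELTA_G ||
            absf(s[i].y - s[i - 1].y) > MOTION_DELTA_G ||
            absf(s[i].z - s[i - 1].z) > MOTION_DELTA_G) {
            *t_ms = s[i].t_ms;
            moved = true;
        }
    }
    return moved;
}

/* Policy evaluated before the device answers a proximity challenge. */
unlock_decision decide_unlock(const accel_sample *s, size_t n, uint32_t now_ms,
                              bool link_authenticated, bool user_confirmed)
{
    uint32_t moved_at = 0;
    if (!link_authenticated)
        return UNLOCK_DENY;            /* BLE pairing and encryption still required */
    if (user_confirmed)
        return UNLOCK_ALLOW;           /* explicit approval: the second mitigation */
    if (!last_motion(s, n, &moved_at))
        return UNLOCK_REQUIRE_CONFIRM; /* no evidence of movement: fail closed */
    /* Unsigned subtraction stays correct across a 32-bit tick wrap. */
    if ((uint32_t)(now_ms - moved_at) > STATIONARY_AFTER_MS)
        return UNLOCK_REQUIRE_CONFIRM; /* device has been idle too long */
    return UNLOCK_ALLOW;               /* recently carried: passive unlock permitted */
}

/* Constructed sample traces, not captured from a real device. */
const accel_sample WALKING[] = {{1000, 0.02f, 0.01f, 1.00f}, {1100, 0.21f, -0.10f, 0.93f}, {1200, -0.05f, 0.14f, 1.08f}};
const accel_sample ON_TABLE[] = {{1000, 0.00f, 0.00f, 1.00f}, {1100, 0.01f, 0.00f, 1.00f}, {1200, 0.00f, 0.01f, 0.99f}};
int main(void) { return decide_unlock(ON_TABLE, 3, 5000, true, false) == UNLOCK_REQUIRE_CONFIRM ? 0 : 1; }
```

Motion gating only shortens the period in which the device will answer passively, consistent with the researchers describing it as reducing risk; the explicit-confirmation branch is the part that does not depend on proximity at all.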
US warns against DPRK IT professionals looking for jobs overseas.
The US State Department, US Treasury Department and the FBI issued a joint statement yesterday warning against attempts by North Korean IT workers to gain employment with organizations around the world. The departments said, “These IT professionals are taking advantage of existing demands for specific IT skills, such as software and mobile application development, to secure freelance work contracts with clients around the world, including North America, Europe and East Asia. In many cases, DPRK IT workers pose as US-based and/or non-North Korean telecommuters. Workers may further mask their identity and/or localization by subcontracting work to non-North Koreans. Although DPRK IT workers normally perform separate IT work against malicious cyber activities, they have used the privileged access gained as subcontractors to allow malicious cyber intrusions from the DPRK. Additionally, there are likely cases where workers are subjected to forced labor.”
Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, offered the following thoughts:
“It is difficult to defend against North Korean nation-state actors, especially when these threats now come from both outside and inside organizations. They are often well funded, very sophisticated and, as we see with this warning from the FBI, able to think outside the box to find new ways to attack networks, as we see now with rogue freelancers hacking from the inside. Our recent research shows that cybercrime has become a primary means of revenue generation in North Korea, and APT groups help it operate outside of international sanctions, funding political and military gains. In fact, it is estimated that up to $2 billion dollars flow directly into North Korea’s weapons program each year as a result of nation-state cybercrime.
“Ultimately, it’s unclear what these rogue freelancers are after. The targets that come to mind are data theft or potentially funds, but we’ve seen in the past that North Korean APT groups have used stolen code signing identities in devastating nation state attacks, so they are likely to be on the table as well. The problem is that currently there is not enough awareness and security around the importance of machine identities. This lack of focus allows North Korean cybercriminals to take advantage of a serious blind spot in software supply chain attacks.”