oldtimer - dog new tricks

bentech · Post by **bentech** » Fri Oct 06, 2017 8:14 pm

'Our minds can be hijacked': the tech insiders who fear a smartphone dystopia

https://www.theguardian.com/technology/ ... y-dystopia" onclick="window.open(this.href);return false;

bentech · Post by **bentech** » Sat Oct 07, 2017 2:35 pm

You keep your bluetooth turned off right?

Intrinsic · Post by **Intrinsic** » Wed Oct 11, 2017 4:11 pm

^^ only to save power, Bluetooth broadcasting is fairly innocuous, i think. i mean if your playing music with it as intended. what else could get one in trouble?

Intrinsic · Post by **Intrinsic** » Wed Oct 11, 2017 4:15 pm

Thanks deran, i'll chew over yer post later but first ...
Downloading Kali to check it out.
But i don't know what penetration here means. might be moot for me since my phone is not rooted, but my home linux systems intrinsically are.

bentech · Post by **bentech** » Wed Oct 11, 2017 6:09 pm

Intrinsic wrote:^^ only to save power, Bluetooth broadcasting is fairly innocuous, i think. i mean if your playing music with it as intended. what else could get one in trouble?

An anonymous reader quotes a report from Bleeping Computer:
Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device. They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore, the vulnerabilities can be concocted into a self-spreading BlueTooth worm that could wreak havoc inside a company's network or even across the world. "These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email. "Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device."
Consumers are recommended to disable Bluetooth unless you need to use it, but then turn it off immediately. When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely. The BlueBorne Android App on the Google Play Store will be able to determine if a user's Android device is vulnerable. A technical report on the BlueBorne flaws is available here (PDF).

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices (bleepingcomputer.com)

https://slashdot.org/index2.pl?fhfilter=bluetooth" onclick="window.open(this.href);return false;

Intrinsic · Post by **Intrinsic** » Fri Oct 13, 2017 4:43 pm

^^Thanks Ben. fwiw i looked over the PDF BT flaws. i as make it out the vulnerabilities are wholly dependent on the software using the bt hardware.

I still don't see how code (worm) can be transmitted and executed with bt protocols. but i do see how bt could be use to gleen some small info from yer phone. I'm a paranoid skitsoid, but i'm skeptical. Now that NFC tech Deran mentioned above is scary - outside of hitting on women.

Stiil it is a good idea to tun bt off when not i use, as just being polite in a public as others may be needing the ether or just radiating peeps with unnecessary RF radiation.

Post by **Jesús Malverde** » Sat Oct 14, 2017 10:12 pm

Battery saver power modes will generally leave BT off by default. Like GPS, it eats battery.

bentech · Post by **bentech** » Mon Oct 30, 2017 12:15 am

An anonymous reader quotes Bleeping Computer:
Scientists from Florida International University and Bloomberg have created a custom two-factor authentication (2FA) system that relies on users taking a photo of a personal object. The act of taking the photo comes to replace the cumbersome process of using crypto-based hardware security keys (e.g., YubiKey devices) or entering verification codes received via SMS or voice call. The new system is named Pixie, and researchers argue it is more secure than the aforementioned solutions.

Pixie works by requiring users to choose an object as their 2FA key. When they set up the Pixie 2FA protection, they take an initial photo of the object that will be used for reference. Every time users try to log into their account again, they re-take a photo of the same object, and an app installed on their phone compares the two photos... In automated tests, Pixie achieved a false accept rate below 0.09% in a brute force attack with 14.3 million authentication attempts. An Android app is available for testing here.

https://github.com/casprlab/pixie" onclick="window.open(this.href);return false;

https://it.slashdot.org/story/17/10/29/ ... ry-objects" onclick="window.open(this.href);return false;