Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

China University of Science and Technology has found important security loopholes in Bluetooth protocol, which can not be avoided by iOS / Android / Hongmeng devices.

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizens for the delivery of the clue of Destiny Stone Gate! CTOnews.com, December 2 (Xinhua) recently, Professor Xue Kaiping of the School of Cyberspace Security of the University of Science and Technology of China has made important progress in the research of Bluetooth security for mobile devices, according to the official news of the University of Science and Technology of China. Team members achieve an effective attack on the target device through Bluetooth protocol vulnerabilities without the user's perception, interaction and cooperation with malicious programs.

The related research results were presented at the top conference in the field of network security ACM Conference on Computer and Communications Security 2022 (CCS 2022) and won the Best Paper Honorable Mention award of the conference. In the course of the study, seven high-risk vulnerabilities and two medium-risk vulnerabilities related to Bluetooth protocol were classified and included by the National Information Security vulnerability sharing platform (CNVD).

According to reports, this study analyzes the security of the classical Bluetooth protocol and finds security vulnerabilities such as non-fixed roles of Bluetooth devices for the first time. Combined with known Bluetooth protocol vulnerabilities, it breaks through various defense mechanisms such as classical Bluetooth authentication, encryption and authorization one by one, and realizes the silent construction of power enhancement attack links without the user's perception and interaction and without the cooperation of malicious programs. The link is used to complete the attacks such as command injection and information theft to the target device.

This research has been widely tested in all kinds of intelligent devices of mainstream operating systems such as Android, iOS, iPadOS, macOS, HarmonyOS and so on, and the relevant vulnerabilities have been found in all the tested devices and the attack process has been completed.

CTOnews.com learned that Ai Mingrui, a doctoral student at the School of Cyberspace Security, is the first author of the paper, and Professor Xue Kaiping of the School of Cyberspace Security is the correspondent author of the paper. Co-authors include Professor Robert of the University of Kansas, Professor Yu Nenghai of the School of Cyberspace Security, researcher Sun Qibin, and Professor Wu Feng of the School of Information Science and Technology.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report