Hacking nearby devices using Bluetooth, even if Bluetooth is off
by zpores - August 12, 2021 at 08:22 PM
#1
The Pegasus project exploits a zero-click vulnerability, which exposes targets to a greater risk.

One paper discusses zero-click attacks in depth. I will briefly introduce it, but if you want to get straight to it, here is the link: https://arxiv.org/pdf/2006.09809.pdf

Brief intro to zero-click attacks using Bluetooth technology (NOT COPY PASTE):

Bluetooth technology was originally developed for short-range communication between electronic devices without the use of cables. Nowadays we can see an extensive list of places where Bluetooth is being used: from thermostats, alarms, medical devices and lighting at home to mobile phones and other appliances.

Three zero-click vulnerabilities have been found in the Broadcom and Cypress Bluetooth stack, which many Apple, Samsung, Raspberry Pi and other devices use, including BlueFrag, a chip-independent Android RCE (Remote Code Execution) vulnerability.

In phishing attacks, target interaction is needed: pressing a button or downloading a compromised file. In a zero-click attack, the process of exploiting a system (in other words, hacking) is done remotely and no interaction is required from the target.

The research paper provides information on RCE on a Bluetooth chip with the ability to escalate privileges beyond the chip's boundary, where even turning off Bluetooth won't help, which makes it very hard to defend against such an attack.

RCE vulnerabilities in the operating system are the most severe, but also the easiest to patch. On the other hand, the firmware running on the Bluetooth chip can be vulnerable as well, and on-chip vulnerabilities are a security risk that often remains unpatched. This sounds like a perfect target. But keep in mind that to gain code execution on the operating system, further vulnerabilities must be exploited on the host stack.
Bluetooth and Wi-Fi run on two separate ARM cores, and they communicate directly with each other without the operating system being involved. Using inter-chip escalation, a Bluetooth RCE can escalate into Wi-Fi components. And such escalation may even be unpatchable because of the hardware barrier.
Reply
#2
It looks like most IoT devices are vulnerable.
Reply
#3
A lot of devices have really lax security features; nearly everything that can be connected to can be hacked.
Unfortunately, this will not change until manufacturers factor good security design into their products when they are iterating the idea.
So far, this does not seem to be the case, so it's probably gonna be a long road ahead.
Reply
#4
Damn fxcking daniel, that is music to my eyes.
Reply
#5
Hi... I need to hack a smartphone, but have no access to it directly. Is there a way, using a link or downloadable attachment sent to them? Kindly help me out. Thanks

[quote="ZeroIce" pid='4233628' dateline='1628951418']
A lot of devices have really lax security features; nearly everything that can be connected to can be hacked.
Unfortunately, this will not change until manufacturers factor good security design into their products when they are iterating the idea.
So far, this does not seem to be the case, so it's probably gonna be a long road ahead.
[/quote]
Reply
#6
I think I've tried it some time ago, but can't get it to work... :(
Reply