Cyber & IT Supervisory Forum - Additional Resources

TLP:GREEN

14.2.2.6 KNOB (Key Negotiation of Bluetooth) An attacker can crack encryption on a Bluetooth conversation and then snoop to see all encrypted traffic as if it was plaintext. 357

 The attacker can erase or inject packets, and ransom or publish the captured details. 358

14.2.2.7 Malicious Applications Leveraging Radio Frequency Interfaces Leveraging a downloaded app, a cybercriminal can access an iPhone’s camera and microphone without permission.

 The attacker can then record and exfiltrate audio and video, and then ransom or publish the compromised information. 359

14.2.2.8 Sweyntooth An attacker within radio range can trigger deadlocks, crashes, and buffer overflows or completely detour security by sending faulty packets over the air. 360

 If successful, this could result in the crash of devices such as medical equipment, potentially causing harm to patients, or other IoT connected devices in offices or homes. 361

14.2.3 Bluetooth Beacons If you own a business or are involved in marketing, you have some level of understanding about how beacon technology works 362 and you may have even received a Google beacon as part of Project Beacon 363 , a program Google launched 364 to send free beacons to businesses with the aim of enabling proximity-based triggers and actions in both the digital and physical world. This Digital Exhaust is based on location-tracking data, gleaned from mobile phone users who have their Bluetooth enabled by default or by accident, as many people do. 365  With the emergence of COVID-19 in 2020, the issue of just how valuable and detailed our collective Digital Exhaust is has been proven by both Google 366 and Facebook 367 who began sharing location-tracking information with various authorities around the world to help them plan their COVID-19 containment strategies.  The data supplied is "anonymized" and "aggregated", so there are no personally identifying markers. But the data does track people's movements - for example, Google's Mobility Reports 368 , which it is made available for 131 countries and regions, show foot traffic trends at various locations over time. 14.2.4 Securing Bluetooth As a wireless data transfer standard, Bluetooth has some associated cybersecurity risks. You do not want unauthorized parties to access the data you are transferring via Bluetooth, nor do you want them to have access to your Bluetooth-enabled devices.

 It helps to know what the security risks with Bluetooth are so you can enjoy all the convenience of the widespread wireless technology while mitigating its risks.

TLP:GREEN