A Bluetooth Flaw Leaves Billions of Devices Vulnerable

The October issue of WIRED took a close, in-depth look at the state of election security. While lots of it isn’t pretty, we did find some pockets of hope. Data scientist Sara-Jayne Terp is on a mission to stamp out misinformation. The former Facebook employees at the nonprofit Acronym are hoping to use the Trump’s 2016 strategies against him. And we dug into the story of STAR-Vote, an audacious plan to secure voting machine tech for good.

There’s more! We talked to Stacey Abrams about how to overcome voter suppression. We looked at how some countries have successfully stymied Russian interference efforts. And we explained how you’ll know for sure that the presidential election results are valid, no matter how loudly Trump yells that they’re going to be rigged.

Plenty of non-election news happened this week as well. Customs and Border Protection seized 2,000 OnePlus Buds, claiming they were counterfeit Apple AirPods. Then they doubled down. The Department of Justice charged Chinese hackers with breaking into video game companies in connection with a digital loot fencing scheme. Cloudflare and the Wayback Machine have joined forces to make sure more sites don’t ever go down.

We took a look at how Gen Z is trying to recruit more poll workers, because the kids truly are all right. And we ran down the safest ways to log into your computer, from strong passwords to biometrics.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

Researchers have disclosed what they call a Bluetooth Low Energy Spoofing Attack, which focuses on the protocol’s reconnection process rather than more common pairing vulnerabilities. With BLESA, the Purdue University team found that it could send spoofed data to a vulnerable device, causing various shenanigans. Windows devices aren’t affected, and Apple has patched the flaw, but the researches said that Android many IoT devices were still susceptible as of June. Given the prevalence of Bluetooth Low Energy devices, the researchers estimate that billions may be impacted. It’s yet another security concern for Bluetooth, whose complexity has made it increasingly harder to secure.

The Department of Justice this week released not one, not two, but three indictments against alleged Iranian hackers. The actual activity detailed in the charges doesn’t come as much of a surprise; it’s a lot of the usual spear-phishing and intelligence gathering, with some website defacement thrown in for good measure. The suspects haven’t been apprehended, and may not ever be given that they’re in Iran. But the DoJ has filed charges with increasing frequency in recent years, hoping to deter them by limiting their travel and exposing their techniques.

The Department of Veterans Affairs this week disclosed that hackers had breached its Office of Finance computer systems and accessed the personal information fo 46,000 veterans. The hackers also appear to have “diverted payments from VA,” though the agency declined to share any details in response to a WIRED inquiry earlier this week. The VA will offer credit monitoring services to veterans who may have had their Social Security numbers stolen as part of the hack.

A recently patched Windows vulnerability would have given attackers who already have a foothold in a network to gain control of the Active Directory, which would have let the hacker run rampant on the system, distributing malware and adding computers as they saw fit. Called “Zerologon,” the attack has a critical severity rating from Microsoft, so please patch. Like, yesterday.


More Great WIRED Stories

social experiment by Livio Acerbo #greengroundit #wired https://www.wired.com/story/bluetooth-vulnerability-iran-indictments-security-news