In this article, the authors want to present an example of exploiting a trust relationship between two technical devices that can put the confidentiality of sensitive data or the integrity of a computer system at risk. This trust relationship they exploit exists between two Bluetooth devices: On the one side a computer system you want to remain secure and you don't want to be compromised, for example your laptop, or your smartphone, and on the other side a Bluetooth device you usually do not consider worth protecting with special diligence as it simply is an output device of a specific kind and does not persistently store any of your valuable data locally, for example headphones.
ca29bc7edd73c43f926cb262ce678f74This whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).
066966c0a18d2c6ee4c885c5fb48bd21Whitepaper call Of Mice and Keyboards. This write up gives you an overview on the security of modern wireless desktop sets.
82baeb29b56fe4569ce8c6faa36623bcSySS GmbH found out that the 125 kHz RFID technology used by the EASY HOME MAS-S01-09 wireless alarm system has no protection by means of authentication against rogue/cloned RFID tokens. The information stored on the used RFID tokens can be read easily in a very short time from distances up to 1 meter, depending on the used RFID reader. A working cloned RFID token is ready for use within a couple of seconds using freely available tools.
1e8305e16302deb63edb52838d0c7462Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to replay attacks.
a3a3c861fb87e50b2b55f27ad648bf87Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to brute-force attacks.
986c6dfe8cf2a30966c91003e6ec3f37Microsoft Wireless Desktop 2000 version A suffers from cryptographic issues and replay attacks.
54d372628a150a3fca1374e2a5247216Wireless Keyboard Set LX901 model GK900 is missing protection against replay attacks.
b2e2f5586748b67b748f9ac80253a72fMicrosoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).
b8100d53ca3844d785d9989a182491f2The Perixx PERIDUO-710W KG-1027 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
786794983fa22e6d262be85e6012d757The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
6c60fa01fe36c0ed55e8b489eff1ab20The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
24cbc381780c56dd465a278120f568d4CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.
8c597da97e25637517b491380da4f20eMicrosoft Wireless Desktop 2000 suffers from insufficient verification of data authenticity and mouse spoofing vulnerabilities.
b73986f6554a8d1cc61cf81fe43805d5Perixx Computer PERIDUO-710W suffers from cryptographic issues and keystroke injection vulnerabilities.
d7c52d85bb5b49cc8ba2df7470e40e92Perixx Computer PERIDUO-710W suffers from insufficient protection of code (firmware) and data (cryptographic key).
893f9fb25ddb889ffc5c7e651bfda60dPerixx Computer PERIDUO-710W suffers from cryptographic issues and replay attack vulnerabilities.
5be987af40b71d5a2d3ad6e4b4b03329Logitech K520 keyboards suffer form cryptographic issues and insufficient protection against replay attacks.
bea8cd212923ab57d2182710fd2e5fa5CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and keystroke injection vulnerabilities.
9d35173008df1e662621e74e12145316CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from insufficient protection of code (firmware) and data (cryptographic key).
a5bda9c4b73d8d0528c8893427361434
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed