Jump to content
  • A serious vulnerability is found in the Bluetooth standard


    DeZire

    The organization for standardization of Bluetooth technology reported a vulnerability found in the encryption Protocol of the popular standard. Using a "hole" in the encryption standard, an attacker can gain access to information on the device and intercept the traffic that the gadgets exchange with each other.

    A serious vulnerability is found in the Bluetooth standard

    When the key is matched at the time of pairing, the devices exchange the alphanumeric combination to establish the connection. It is at this point that the hacker can intercept the key and make it short, which will allow the attack by brute force. Having gained access to the established connection, the attacker is able to fully control the traffic transmitted between the devices.

    To carry out such an attack, several conditions must be met: the attacker must be within the range of the established connection, and both attacked gadgets must use Bluetooth BR/EDR, and the vulnerability will affect each of the devices.

    After detecting a defect in the standard, the researchers checked 16 models of popular wireless controllers — all of them were exposed to this type of hacking. This is due to the fact that the Bluetooth specification does not require a minimum key length. Major manufacturers have already released vulnerability-fixing updates. Consumers can only install the appropriate patches on vulnerable devices with Bluetooth.



    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Similar Content

    • By DeZire
      Despite Google’s constant attempts to make the Android operating system as secure as possible, hackers do not waste time in vain and find more and more breaches in its security. Another vulnerability is related to the Bluetooth interface and can lead to serious consequences for the owner of a hacked smartphone.

      Vulnerability BlueFag allows hackers in the "silent" mode to transfer malware to smartphones running Android 8 Oreo and Android 9 Pie. In this case, the owner of the device will not receive any warning that any files have been sent to the gadget.
      It is enough for an attacker to find out the MAC address of the Bluetooth module of the device, which is often easy to calculate by the MAC address on a Wi-Fi network since smartphone manufacturers usually use a single module for both protocols.
      ERNW specialists specializing in computer security noted that the BlueFag vulnerability does not work on smartphones running Android 10. As for the versions of the green robot released before Android 8, it is possible that they are also subject to hacking.
      Google has not yet responded to this vulnerability, and ERNW experts only recommend updating the smartphone to Android 10, or, if the gadget is guaranteed to not get an update, change it to a new one.
    • By DeZire
      Smartphones and laptops have long been perceived by users as harmless devices for content consumption, work, and entertainment. But a recently published study indicates that these gadgets can be used by attackers not only as objects of hacking but also as a dangerous weapon.

      Specialist in the field of cybersecurity Matt Wixey published the results of a study he found the vulnerability of a number of electronic devices. Weak points of smartphones, laptops, Bluetooth-speakers, wireless headphones, and Handsfree systems, the researcher called the possibility of hackers to access the settings of gadgets.
      By gaining appropriate access, an attacker can implement an algorithm to continuously play deafening or disorienting sounds at high or low frequencies, thereby harming human health.
      For the implementation of the attack is sufficient to have a Wi-Fi or Bluetooth connection. Wixey tested his hypothesis in practice by hacking several devices through a scanner program and forcing them to play sounds-stimuli through the built-in speakers. In one of these experiments, the forced reproduction of such sounds led to the failure of the gadget. The expert noted that the testing was carried out in a soundproof room, and no one was involved in the series of experiments.
    • By DeZire
      Today WhatsApp has an audience of about 1.5 billion people around the world. Despite such an extensive user base, the developers still have not eliminated the vulnerability that allows you to intercept messages in personal and group correspondence.

      At the Black Hat 2019 conference in Las Vegas, several options were demonstrated for exploiting the vulnerability with which hackers can:
      Correct messages by modifying them so that the recipient does not suspect that the author of the text was not the sender. Manage the citation function by referring to non-existent messages. Create the appearance that the message is sent to a single recipient, while it can get the whole community or a group of users. About all these flaws programmers told WhatsApp developers in August last year. To date, only the last "hole" with group mailing has been eliminated, while the use of two other options for message manipulation is still relevant.
      In addition, using the web version of WhatsApp, hackers are able to decrypt any correspondence. The interception of the access keys occurs at the time of creating the QR code. While the user starts the camera from the menu of the mobile client, the hacker intercepts a pair of encryption keys and after a successful connection gets access to the correspondence in unencrypted form. With such an access interception, it becomes possible to use the vulnerabilities mentioned above.
      Facebook, which owns WhatsApp, previously commented that to fix such vulnerabilities can not "due to infrastructure restrictions" and the need to compromise between privacy and security. A solution may be a full desktop client, which is currently being worked on by the developers of the messenger.
    • By DeZire
      The developers of Telegram and WhatsApp have repeatedly stated about the security of their messengers with encryption. But as it turned out, user privacy depends on other factors: the network has a description of an unusual method of fraud using popular Android-applications.
      Symantec experts have published information about the vulnerability of Media File Jacking for Android versions of these messengers. The attack on users was carried out by means of interception of media files bypassing encryption algorithms. Telegram and WhatsApp store the received images either in the internal storage of the messenger or in the external memory. The latter becomes a source of leakage of user files.
      When hackers gain access to external storage using malware, they are able to edit or replace user files. Using the vulnerability, an attacker can edit the image and replace the number of the Bank card or the sender's account with his own. Experts say that this feature of Android-applications is known for a long time, and users have to choose between privacy and advanced functionality when storing data on external drives.

      Using the same vulnerability, attackers can fake audio messages or spread fake news. According to the source, representatives of WhatsApp have already reported the closure of the vulnerability with the latest version of the messenger. Telegram developers have not commented on the situation.
    • By Priyanka
      Already at the beginning of this year, Apple has managed to be noted in several scandalous stories related to the privacy of iPhone users. The last in the spotlight was the vulnerability of the branded messenger, and recently foreign users reported the possibility of data theft by popular applications from the App Store. The company promptly responded to the appeal and took tough measures against a number of mobile developers.

      The "blacklist" of the company got a number of applications, including Hotels.com, Expedia, Abercrombie & Fitch, Air Canada, and Singapore Airlines. All "violators" used the platform Glassbox, which allows you to record from the screen of the device, as well as to save the history of gestures and input data from the keyboard.
      Thus, all actions of the iPhone owner could be saved and transferred to third parties without his knowledge. The compromised information could include passport and credit card numbers, account passwords, real name, and residential address.
      Apple representatives confirmed that such actions violate the rules of publishing applications in the App Store. The use of analytical services is not prohibited, however, the collection of information must be done with the consent of the user. According to the SlashGear resource, the Corporation has already informed the developers about the need to bring "problematic" applications in line with the company's privacy policy as soon as possible or remove them from the App Store.

      Applications that support Glassbox developers publish and for the Android platform, but Google has not made any statements about changes to the privacy policy of its distribution service Google Play.
  • Blogs

  • Categories

  • Gadgets


  • Reviews

    • OPPO Reno 3 review: Quad camera and lots of memory

      Last year's OPPO Reno 2 smartphone was remembered for its almost flagship characteristics. In the new generation, the emphasis has shifted - the role of the top-end device has been assigned to the Reno 3 Pro, and the standard “three” has become a mid-budget phone. However, Reno 3 received a powerful quad camera, high-quality screen, and a large amount of memory. We find out how good the new product is.

      Four rear modules and a 44-megapixel front-facing camera
      The main camera of Reno 3 received four modules, as in the top-end device of the series - Reno 3 Pro. However, there are some functions missing, such as interpolation up to 108 MP. All the blocks are arranged in a line on an islet that protrudes noticeably upwards if you wear the gadget without a cover.
      The main module has a 1/2-inch sensor with a resolution of 48 MP and a lens with an aperture of f/1.8. As usual, in standard mode, it produces 12-megapixel images, and if desired, you can take photos in full resolution - 48 MP. Telephoto is based on a 13-megapixel sensor and a lens with an f/2.4 aperture. The ultra-wide Angle is equipped with an 8-megapixel sensor and a lens with an f/2.2 aperture. Finally, the 2 MP sensor is designed to assess the depth of the scene.

      Telephoto, in addition to 2x optical zoom, provides a 5x hybrid zoom. The photo app allows you to quickly switch between four shooting modes: ultra-wide angle, 1x, 2x, and 5x.
      All modules can function together with HDR. This option works perfectly in Auto mode, improving both the light and dark tones of contrasting scenes. Artificial intelligence confidently recognizes the scenes being shot and selects settings.
      However, in non-standard lighting conditions, if you choose wide-angle optics, the color rendering will not always be accurate. This does not happen with the main module and the telephoto lens.

      The main module paired with the auxiliary module gives clear portraits and realistic blurs the background
      Reno 3 shoots well in mixed and artificial lighting, as well as in the absence of light in the dark. In the most problematic cases, the Night program helps out. It combines several shots and works out all the tones of contrasting scenes. For shooting with manual settings, an Expert preset is provided.
      Multi-megapixel selfies
      The front camera is built into the display and is located in the middle of its upper edge, in the "drop". The camera is equipped with a 44-megapixel sensor and a wide-angle f/2.4 aperture lens. The default settings are set to a 40-megapixel resolution of images. And the full one is selected by pressing a separate on-screen button. The image quality in both cases is approximately the same. Sharpness appears only from a distance of about 30 cm, that is, for example, it is impossible to obtain a macro photograph of your eye. It seems that the calculation was made for shooting with outstretched hands or a selfie stick. For self-portraits, there are traditionally many beauty options: smoothing the skin, correcting the shape of the face and nose, eye size, and so on.

      Selfies in 44MP mode
      The smartphone records 4K videos at 30 fps. The supported format is Full HD with 30 and 60 fps, as well as slow-motion clips in HD and Full HD. During movie shooting, you can freely switch the zoom.
      In 4K mode at 30 frames per second, the gadget produces a picture with the correct color reproduction and high definition. But when working with hands, stabilization is noticeably lacking.
      Shooting in Full HD at 60 fps uses Ultra Steady Video 2.0 stabilization, which makes the picture smoother.
      Work and entertainment without lags
      Reno 3 is built on an eight-core MediaTek Helio P90 chipset. The new product in AnTuTu gives out figures comparable to the results of Kirin 970 and Snapdragon 712, and slightly ahead of Snapdragon 710. And in the Geekbench 5 rating - is on par with Snapdragon 845. This speed is sufficient to avoid slowdowns in any applications.
      8 GB of RAM allows you to run multiple programs simultaneously. The built-in fingerprint sensor acts quickly and accurately. There are no performance problems in games. In the popular WoT: Blitz with default graphics settings, the frame rate is confidently kept at 60 fps.

      The device has only one main speaker, which produces clear sound without distortion up to about 90% of the volume. Plus, there is support for Dolby Atmos. In this software add-on, you can add surround sound and a bit of bass - a great option for multimedia applications.
      Unfortunately, you will not be able to create a full stereo pair, because the speaker is quieter than the main one. But in Reno3 Pro two speakers shake as if you are holding a good Bluetooth speaker in your hands. Complete in-ear headphones deliver high-quality sound. Thanks to the audio jack, you can connect your favorite accessory.

      The built-in storage is not too large: 128 GB. But it is easy to increase it by using a microSD memory card. It is placed in a triple slot next to two nano-SIM cards. We had a 512 GB test card at hand - it worked without problems.
      High autonomy
      The gadget is powered by a 4025 mAh battery and supports VOOC 3.0 fast charging technology. A 20 W adapter and a complete cable during the test provided recharging at high speed. For example, from 33 to 78%, the battery was charged in 13 minutes, and up to 100% in 27.
      An hour-long shootout in WoT: Blitz (display brightness - 50%) consumes 11 percent of the battery. That is, without going to the outlet, it is about 9 hours of offline gaming. In Flight-mode, with the same brightness, about 4.4% of the battery charge is spent per hour playing the video in Full HD. Therefore, you should expect 22 hours of offline video viewing. Excellent results!

      If long-term autonomy is not so important, you can disable power consumption optimization in the settings and select "High performance". In this case, the device will work a little faster, and the battery consumption will be stronger.
      Great screen
      Reno 3 is equipped with an AMOLED panel with a diagonal of 6.4 inches, a resolution of FHD+ (2400x1080 pixels), and an aspect ratio of 20:9. The display occupies 90.8% of the front panel area, has a teardrop-shaped cutout for the front and thin frames. The image is clear, with rich but natural colors. The viewing angles are large, and the brightness reserve is sufficient for using the phone on the street in any weather. With minimal screen light, it is comfortable to read in a dark room. And at night, you can switch to "Dark mode" - in fact, this is an inverse version of the design: with a black display and a white font. Many people will find it even more convenient, and it also saves battery life.
      Branded shell of the seventh version
      Reno 3 is running a proprietary ColorOS 7 shell based on Android 10. When comparing with the previous version, you can see that the font has not changed, but many icons have been redrawn. However, their shape and size can be easily changed at your own discretion. The screen can be converted to a split format - just make a three-finger swipe up.
      Specifications of OPPO Reno 3
      DISPLAY: 6.4 ", FHD + (2400x1080), 20: 9
      CHIPSET: CPU MediaTek Helio P90 (MT6779V), 2.2 GHz, GPU PowerVR GM 9446
      RAM: 8 GB
      STORAGE: 128 GB
      MAIN CAMERA: main - 48 megapixels (f/1.8) + 13 megapixels (telephoto) + 8 megapixels (wide-angle) + 2 megapixels (scene depth sensor);
      FRONT CAMERA: - 44 megapixels with f/2.4 aperture
      BATTERY: 4025 mAh
      FEATURES: a sub-screen fingerprint sensor, an NFC module, an audio output, support for microSD cards up to 256 GB (without SIM replacement), a proprietary shell ColorOS 7, three body colors: black, white and blue.
      Test results
      ANTUTU: 223,438
      GEEKBENCH: 5 428 single-core, 1568 multi-core
      AUTONOMY: about 22 hours of video playback

      Summary
      The OPPO Reno 3 is an interesting device with balanced characteristics. From the first minutes, the beautiful design, slim body, and high-quality 6.4-inch screen make you happy. Later on - high performance, fast recharging, and good battery life. The advantages include the photo-filling, including a 44-megapixel front camera. In addition, the built-in drive can be expanded with a memory card, but not to the detriment of the second SIM card - a trifle, but nice.

About Us

Worlds Tech News. CheapDeveloper provides the latest technology news, phone launch details, smartphone reviews, comparisons, laptops, cameras, Computer Hardware, Software, apps and more. You can trust our in-depth technology reviews to help you buy the best product for your needs.

×
×
  • Create New...