At a glance.
- Bluetooth Low Energy vulnerability.
- US warns of DPRK IT workers seeking jobs abroad.
Bluetooth Low Energy vulnerability.
Researchers at NCC Group have discovered a link-layer vulnerability in Bluetooth Low Energy (BLE) systems that affects "millions of vehicles, residential smart locks, commercial building access control systems, smartphones, smart watches, laptops and more."
NCC Group said in a press release, "[W]e demonstrate, as proof of concept, that a link layer relay attack conclusively defeats existing applications of BLE-based proximity authentication and prove that very popular products are currently using insecure BLE proximity authentication in critical applications. By forwarding data from the baseband at the link layer, the hack gets past known relay attack protections, including encrypted BLE communications, because it circumvents upper layers of the Bluetooth stack and the need to decrypt."
The vulnerability is inherent in the technology and can't be patched, but the researchers offer the following mitigations:
- "Manufacturers can reduce risk by disabling proximity key functionality when the user’s phone or key fob has been stationary for a while (based on the accelerometer)
- "System makers should give customers the option of providing a second factor for authentication, or user presence attestation (e.g., tap an unlock button in an app on the phone)
- "Users of affected products should disable passive unlock functionality that does not require explicit user approval, or disable Bluetooth on mobile devices when it’s not needed"
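The mitigations above all share one idea: an encrypted, authenticated BLE session is not proof that the key is near the lock, because a link-layer relay forwards the ciphertext without needing to decrypt it. The lock therefore has to gate on signals the relay cannot supply on the key's behalf: recent motion of the key device, or an explicit user action. The following policy function is an added example written for this briefing; it is not NCC Group's code nor any vendor's implementation. The timeout, the accelerometer threshold, and the `KeyState` fields are assumptions chosen for illustration, and the accelerometer samples are constructed.

```python
"""Proximity-unlock policy that does not trust BLE proximity alone.

Added example (not from NCC Group or any product). Models the three
mitigations from the NCC Group advisory as one decision function.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

STATIONARY_TIMEOUT_S = 120.0   # assumption: key counts as parked after 2 min without motion
MOTION_THRESHOLD_G = 0.05      # assumption: |accel| must deviate from 1 g (rest) by this much


@dataclass
class KeyState:
    """State reported by the phone or key fob (constructed for the example)."""
    accel_samples: List[Tuple[float, float]]   # (timestamp_s, |accel| in g)
    passive_unlock_enabled: bool = True        # user may disable passive unlock
    user_presence_attested: bool = False       # e.g. user tapped "unlock" in the app


def last_motion_time(samples: List[Tuple[float, float]],
                     threshold: float = MOTION_THRESHOLD_G) -> Optional[float]:
    """Timestamp of the most recent sample that deviates from rest (1 g), or None."""
    moving = [t for t, g in samples if abs(g - 1.0) > threshold]
    return max(moving) if moving else None


def is_stationary(key: KeyState, now_s: float,
                  timeout: float = STATIONARY_TIMEOUT_S) -> bool:
    """True when the key has not moved within `timeout` seconds of `now_s`."""
    t = last_motion_time(key.accel_samples)
    return t is None or (now_s - t) > timeout


def should_unlock(key: KeyState, ble_session_authenticated: bool,
                  now_s: float) -> Tuple[bool, str]:
    """Decide whether a proximity-triggered unlock may proceed.

    `ble_session_authenticated` is what the BLE stack reports. Under a
    link-layer relay it is still True even though the real key may be far
    away, so it is treated as necessary but never sufficient.
    """
    if not ble_session_authenticated:
        return False, "no authenticated BLE session"
    # Second factor / user presence attestation: an action the relay cannot forge.
    if key.user_presence_attested:
        return True, "explicit user approval"
    # User-side mitigation: passive unlock switched off entirely.
    if not key.passive_unlock_enabled:
        return False, "passive unlock disabled; explicit approval required"
    # Manufacturer-side mitigation: a key that has been sitting still is not
    # walking up to the door, so proximity alone should not unlock.
    if is_stationary(key, now_s):
        return False, "key stationary beyond timeout; proximity unlock suspended"
    return True, "key recently in motion and in proximity"


if __name__ == "__main__":
    walking = KeyState(accel_samples=[(0.0, 1.00), (10.0, 1.30)])
    parked = KeyState(accel_samples=[(0.0, 1.40), (300.0, 1.01)])
    print(should_unlock(walking, True, now_s=20.0))
    print(should_unlock(parked, True, now_s=500.0))
```

The key design point is the ordering: session authentication is checked first but only as a precondition, and every path that grants an unlock without an explicit user action depends on motion evidence that the relay hardware between lock and key cannot generate.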
US warns of DPRK IT workers seeking jobs abroad.
The US State Department, US Treasury Department and the FBI issued a joint statement yesterday warning of attempts by North Korean IT workers to obtain employment at organizations around the world. The agencies stated, "These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and East Asia. In many cases, DPRK IT workers represent themselves as U.S.-based and/or non-North Korean teleworkers. The workers may further obfuscate their identities and/or location by sub-contracting work to non-North Koreans. Although DPRK IT workers normally engage in IT work distinct from malicious cyber activity, they have used the privileged access gained as contractors to enable the DPRK’s malicious cyber intrusions. Additionally, there are likely instances where workers are subjected to forced labor."
Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, offered the following thoughts:
"Defending against North Korean nation-state actors is difficult, particularly when these threats are now coming from both outside and inside organizations. They are often well funded, highly sophisticated, and – as we’re seeing with this FBI warning – capable of thinking outside the box to find new ways to attack networks, as we’re now seeing with rogue freelancers hacking from within. Our recent research shows that cybercrime has become a primary means of revenue generation in North Korea, and APT groups are helping it to work outside of international sanctions, funding political and military gains. In fact, it’s estimated that up to $2 billion makes its way directly into North Korea’s weapons program each year as a result of nation-state cybercrime.
"Ultimately, there’s no telling what these rogue freelancers are after. The targets that spring to mind are data theft or potentially funds, but we’ve seen in the past that North Korean APT groups have made use of stolen code signing identities in devastating nation-state attacks, so they’re likely to be on the table as well. The problem is that there’s currently not enough awareness and security around the importance of machine identities. This lack of focus allows North Korean cybercriminals to take advantage of a serious blind spot in software supply chain attacks."