„Passwort“ Folge 50: Jubiläum mit Feedback, Cloudflare und Bluetooth-Lücke
Im Security-Podcast geht es um Festplattenverschlüsselungen, fragwürdige Matrix-Server, KI-Teststrings, Bluetooth-Lücken – und um das reichliche Hörer-Feedback.
„Passwort“ Folge 50: Jubiläum mit Feedback, Cloudflare und Bluetooth-Lücke
Im Security-Podcast geht es um Festplattenverschlüsselungen, fragwürdige Matrix-Server, KI-Teststrings, Bluetooth-Lücken – und um das reichliche Hörer-Feedback.
Seriously. I have a bluetooth mouse that wouldn't enter pairing mode. It was connecting to something... maybe a smart switch or whatever. This cheap mouse has no way to enter pairing mode if it's connected to something.
So anyway, a microwave oven is a faraday cage. I turned the mouse on, tossed it in, shut the door and waited. It entered pairing mode quickly, and boom, connected to my tablet.
A+++ life hack by yours truly. Just don't start the nuker or magic smoke will come out 😆
heise+ | Lego Smart Play: Patentanträge und FCC-Dokumente enthüllen Technik
Lego packt eine Elektronik-Plattform mit 3D-Magnettracking, Multi-Radio-Funk und induktivem Laden in einen Klemmbaustein. Patente zeigen, wie es funktioniert.
#Windows znowu mnie wkur... - polaczenie #Bluetooth ze sluchawkami znowu sie... zepsulo. A juz myslalem, ze bedzie stabilne xD
Im szybciej uda mi sie zmigrowac #Linux.a na szybszy dysk tym lepiej, musze tylko uporzadkowac troche plikow i zrobic miejsce ;) Coraz lepiej sie tu czuje :P
The "Bluetooth Headphone Jacking" talk at #39c3 was awesome, too. They reversed a popular SOC that powers Bluetooth earbuds and headphones.
They found that (even without being paired to the headphone), they could dump flash and RAM from the device. Then they dumped a bunch of info from the device - e.g. the #Bluetooth address and "master" encryption keys used for the communication with paired devices (e.g. a #phone).
Then they impersonated the headphone from their laptop and connected to the phone (pretending to be the headphone).
The headphone (or the laptop impersonating the phone) has permissions to do some things on the phone, e.g. accept calls, increase/decrease volume, etc.
Then they started recovering access a #WhatsApp account via some account recovery mechanisms. That required some one-time security key which would normally be delivered via SMS, but that could be delivered via phone call as a fallback option, too. Since the phone thought it was connected to the Bluetooth headphone, phone call audio would go to the laptop via Bluetooth.
As the cherry on top, they escalated into the victim's #Amazon account.
@mingueo GNU/Linux Brasil Uma valiosa dica é pesquisar se dispositivos funcionam com software livre, inclusive com o kernel citado (que nem sempre é), se infelizmente demandam firmware privativo ou se nem assim, em https://h-node.org/bluetooth/catalogue/pt (ligação para a seção :bluetooth: ) e também relatar caso tenha informações novas. :dukeThumbsUp: :fsf:
heise+ | Hörgerät ReSound Enzo IA 998 mit Bluetooth LE und Auracast im Test
Hörgeräte mit Bluetooth ersetzen drahtlose Ohrhörer und empfangen per Auracast oder Streamer den Ton von TV und Computer. Ein Test der GN ReSound Enzo IA 998.
Einige Firmen bieten Webdienste an, um NFC-Visitenkarten mit Kontaktdaten zu bespielen. Die sollte man ignorieren und die Dinge selbst in die Hand nehmen.
heise+ | Bluetooth-Reichweite mit ESP32 erhöhen: Einsteigerprojekt für Home Assistant
Mit dem ESP32 bringen Home-Assistant-Nutzer leicht Bluetooth in entlegene Ecken. Zusätzlich können sie dem Mikrocontroller weitere Aufgaben übertragen.
Does anyone know of the following phenomenon with #Android and #Bluetooth#headset, in this case a Shoks Opencomm 2, which does not play a ringtone when receiving calls or adjusting settings?
Book cover for Arduino for Arduinians: 70 Projects for the Experienced Programmer by John Boxall. Illustration of a robot wearing goggles soldering an Arduino board at a workbench. On the desk are tools including a soldering iron, pliers, small electronic components, and a laptop. Background features a repeating circuit board pattern. The No Starch Press logo appears in the bottom right corner.