• About
  • Advertise
  • Careers
  • Contact
Friday, January 22, 2021
No Result
View All Result
NEWSLETTER
iotsanjose
  • Home
  • IoT
  • Smart Cities
  • Data & Analytics
  • Enterprise
  • Development
  • Security
  • Home
  • IoT
  • Smart Cities
  • Data & Analytics
  • Enterprise
  • Development
  • Security
No Result
View All Result
iotsanjose
No Result
View All Result
Home Data & Analytics

Enterprise IoT and protecting against Bluetooth endpoint vulnerabilities: A guide

by iotadmin
January 24, 2020
in Data & Analytics, Enterprise, IoT, Security
0
Enterprise IoT and protecting against Bluetooth endpoint vulnerabilities: A guide
0
SHARES
11
VIEWS
Share on FacebookShare on Twitter

It is well established that IoT devices greatly increase the security challenges of defending corporate networks, and a recent PwC survey reported that 71% of manufacturers plan to deploy IoT devices, despite the associated risks. It seems like the IoT train has left the station and is rushing full steam ahead towards the horizon.

In order to continue to travel safely, enterprises must understand the risks of deploying IoT devices and how to mitigate them. This assessment process should consider the devices that create the risk, an analysis of the type of attacks that they can be used for and the potential implications and regulatory risks.

When it comes to leveraging vulnerabilities on these devices, one area that is frequently overlooked is Bluetooth. This low-powered wireless technology is on every endpoint, widely used in IoT devices is often active and usually discoverable by default.

It’s easy to think of Bluetooth as a relatively harmless technology from a security point of view. It’s widely believed that it’s apparent short range means attackers have to be in very close proximity in order to exploit it and that there’s not much they could do with it even if they were.

Bluetooth connections are encrypted, but that has not stopped researchers finding vulnerabilities allowing them to eavesdrop on connections between phones and headsets. Bluetooth can be used to transfer files from one device to another, so if an attacker could access a device via the Bluetooth protocol they could also potentially access sensitive information on that device.

The apparent “10 metre range” is also vulnerable. Using a directional antenna, Bluetooth discoverability can be extended to over a mile. Range can also be extended by piggybacking signals off other devices or by using Bluetooth beacons.

One of the biggest issues exploiting Bluetooth vulnerabilities is BlueBorne. First revealed in September 2017, BlueBorne is a collection of vulnerabilities that can allow an attacker to take over a device, infect it with malware or establish MITM attacks. Patches have been made available and most up-to-date PCs, smartphones and Apple devices are now protected, but legacy devices and unpatchable Android devices remain at risk.

The risk of BlueBorne is magnified by Bluetooth mesh networking, which allows many-to-many connections meaning an attacker could easily jump from one device to another and build a Bluetooth botnet.

More recently, a threat known as BleedingBit emerged, exploiting two, critical chip-level vulnerabilities in Bluetooth Low Energy chips made by Texas Instruments. These chips are so common, attackers could simply walk into the lobby of a company, scan for available Wi-Fi networks and begin their attack. Critically, BleedingBit does not require attackers to be paired with the target device or have any prior knowledge of the device’s information.

How to protect the enterprise

Some security software makes this easier than others. The recent International Botnet and IoT Security Guide by the CSDE (Council to Secure Digital Economy) states that botnets are more frequently targeting enterprise IoT and other IoT devices with more complex processors and architectures. And indeed, the risk will increase as more devices find their way into corporate environments.

Where possible, consider the options for physical hardening of the device to prevent tampering and unauthorised access. Is the device located externally to the premises (for example, security cameras in parking lots or other publicly accessible areas)? If so, consider how and under what circumstances you would be able to detect if it had been tampered with.

Securing your IoT devices also encompasses your process for decommissioning used and obsolete equipment. IoT devices can contain sensitive data about your network or business, so they need to be disposed of carefully. In one experiment, researchers reverse engineered a simple ‘smart’ light bulb after use, and were able to retrieve the WPA2 key for the network it had been connected to as well as the root certificate and RSA private key hardcoded by the device manufacturer.

Mitigations are available to ensure devices are protected from Bluetooth attacks. Firstly, for devices equipped with Bluetooth, but not actually using that functionality, ensure that Bluetooth is turned off! Where this is not possible, ensure that all devices are fully patched.

Implementing Bluetooth device control across all endpoints within the organisation will address the more serious bugs and vulnerabilities such as those mentioned earlier.

It’s vital that your enterprise is aware of the risks IoT devices present and that it develops policies to govern how these devices are procured, monitored and decommissioned. Bluetooth vulnerabilities may seem an unlikely route for malicious actors to take, but the vulnerabilities outlined earlier, and the attraction of reaching even air-gapped systems means attackers won’t hesitate to exploit Bluetooth devices.

Interested in hearing industry leaders discuss subjects like this? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.

Related Stories
Download Nulled WordPress Themes
Download Nulled WordPress Themes
Download Premium WordPress Themes Free
Download Nulled WordPress Themes
free download udemy course
download mobile firmware
Premium WordPress Themes Download
online free course
Tags: Enterprise IoT and protecting against Bluetooth endpoint vulnerabilities: A guide
iotadmin

iotadmin

Next Post
Consumer Reports warns IoT camera makers to improve their security

Consumer Reports warns IoT camera makers to improve their security

Recommended

Forward, Toward a New Normal – A transitional playbook for resuming manufacturing operations in the [hopefully soon to be post] Covid-19 Era

2 months ago
How sensors and wearables are adding a whole new meaning to remote patient monitoring

How sensors and wearables are adding a whole new meaning to remote patient monitoring

1 year ago

Buy CBD Online

  • CBD Oils
  • CBG
  • Sleep spray
  • CBD gummies
  • buy CBD oil
  • Dab pens
  • CBD Patches
  • CBD pills
  • Pet CBD
  • CBD for pain
  • CBD for sleep
  • CBD Flower
Facebook Twitter Youtube RSS

Newsletter

Subscribe our Newsletter for latest updates.

Loading

Category

  • AI
  • Analysis
  • Connected Cars
  • Connected Vehicles
  • Data & Analytics
  • Development
  • Enterprise
  • Healthcare
  • IIoT
  • IoT
  • Manufacturing
  • New Connections
  • News
  • Oil & Gas
  • Security
  • Smart Cities
  • Smart Homes
  • Standards
  • Uncategorized
  • Wearables

About Us

Advance IOT information site of Sanjose USA

© 2019-20 iotsanjose.com.

No Result
View All Result
  • Home
  • IoT
  • Smart Cities
  • Data & Analytics
  • Enterprise
  • Development
  • Connected Cars
  • AI
  • Security
  • IIoT
  • Standards

© 2019-20 iotsanjose.com.

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In