IDG Contributor Network: Are you being tracked through a Bluetooth security vulnerability?

Research published this month by a team from Boston University has revealed a number of flaws in the way that Bluetooth Low Energy functionality is implemented on a wide range of consumer devices.

These devices – including both Apple and Microsoft Bluetooth devices – advertise their availability on open channels, and this opens the way for global device tracking. With spyware in the IoT becoming a major source of concern for cybersecurity researchers, this new research indicates that the problem may be even larger than we imagined.

The flaw

The paper describes a methodology for identifying Bluetooth devices, even when their MAC addresses are hidden or randomized.

In early implementations of the Bluetooth protocol, devices ‘advertised’ their presence by broadcasting data on so-called ‘advertising channels’. This system was designed to allow Bluetooth devices to be paired easily but had some significant security vulnerabilities.

Specifically, devices broadcast their Bluetooth MAC address on these channels. This is a permanent address, and so anyone within a few meters of the device was able to collect a unique identifier. This could then be used to track a Bluetooth device wherever it went.

In order to combat this problem, the Bluetooth Low Energy standard moved away from using open MAC addresses. Instead, devices using the protocol are given randomized, temporary addresses. These were believed to make newer Bluetooth devices untrackable.

Software Vulnerabilities in the Boeing 787

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities:

At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane’s network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane’s safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787’s network architecture would make that progression impossible.

Santamarta admits that he doesn’t have enough visibility into the 787’s internals to know if those security barriers are circumventable. But he says his research nonetheless represents a significant step toward showing the possibility of an actual plane-hacking technique. “We don’t have a 787 to test, so we can’t assess the impact,” Santamarta says. “We’re not saying it’s doomsday, or that we can take a plane down. But we can say: This shouldn’t happen.”

Boeing denies that there’s any problem:

In a statement, Boeing said it had investigated IOActive’s claims and concluded that they don’t represent any real threat of a cyberattack. “IOActive’s scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system,” the company’s statement reads. “IOActive reviewed only one part of the 787 network using rudimentary tools, and had no access to the larger system or working environments. IOActive chose to ignore our verified results and limitations in its research, and instead made provocative statements as if they had access to and analyzed the working system. While we appreciate responsible engagement from independent cybersecurity researchers, we’re disappointed in IOActive’s irresponsible presentation.”

This being Black Hat and Las Vegas, I’ll say it this way: I would bet money that Boeing is wrong. I don’t have an opinion about whether or not it’s lying.

Posted on August 16, 2019 at 6:12 AM


Best antivirus software: 10 top tools

The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Five of the 18 products tested earned a perfect rating of 6 for each of those criteria:

  • F-Secure PSB Computer Protection
  • Kaspersky Lab Endpoint Security
  • Kaspersky Lab Small Business Security
  • Symantec Endpoint Protection Cloud
  • Trend Micro OfficeScan

The top 10 antivirus offerings shown here in alphabetical order scored at least 17.5 points out of a possible 18. You can drill down on the full results at The AV-TEST Institute’s website. 

How to use these antivirus test results

Keep in mind that these tests were done in a lab environment. Different enterprise systems with different threat models will see different results for each of the products listed below. In other words, don’t expect that a 100% detection rate in the lab means that a product will detect all malware threats on your network. One reason is that it can take days for a newly submitted malware sample to make it into any given antivirus product’s database.

What the AV-TEST results show is which Windows antivirus products are consistently the best at the fundamentals of malware detection and have minimal impact on system performance. That makes a good starting point as you evaluate which products work best for your environment.

Best Windows 10 antivirus tools

1. Avast Business Antivirus Pro Plus 19.3

Avast Business Antivirus Pro Plus could have had a perfect score with just a slight improvement on protection. It stopped 97% of all zero-day malware attacks. Performance improved over the last round of tests with the product near industry average for all tests. Otherwise, it had a perfect score for usability with no false warnings, blockages or false detection of legitimate software as malware.

2. Bitdefender Endpoint Security 6.6

Bitdefender Endpoint Security stopped 98.8% of all zero-day malware web and email attacks tested, and all malware discovered in the last four weeks. Performance degradation when using applications and websites was mostly minimal and in some cases better than industry average. However, it was 6 percentage points slower than industry average for launching popular websites on a standard PC. For the latest round of tests, the product gave just one false warning.

3. Bitdefender Endpoint Security (Ultra) 6.6

Bitdefender’s Ultra version scored similarly to its standard product. It did lose a half-point in the performance rating due to slower installation of frequently used applications, scoring 5 percentage points below industry average.

4. F-Secure PSB Computer Protection 19

PSB Computer Protection had perfect scores in all categories, improving in performance over the last round. It detected 100% of zero-day attacks and 100% of more common malware. The product scored significantly higher than industry average on some performance tests. The software did have one false detection of legitimate software as malware.

5. Kaspersky Endpoint Security 11.1

With its perfect scores across the board, Kaspersky Endpoint Security continues its run in the top tier of anti-malware products. It stopped 100% of all zero-day and known attacks tested. On the performance side, the product had minimal impact on the launching or installation of websites or applications. It flagged no false warnings, detections or blockages.

6. Kaspersky Small Office Security 6

Kaspersky Small Office Security scored similarly to the company’s endpoint protection product. It had a higher impact on website launches.

7. Microsoft Defender Antivirus 4.18

Microsoft Defender Antivirus was as good as any other product in terms of detecting malware and usability ratings. It performed well, but was 5 percentage points slower than industry average when installing frequently used applications on a standard PC. It lost a half point for three false detections of legitimate software as malware.

8. Symantec Endpoint Protection 14.2

In addition to a perfect protection score, Symantec Endpoint Protection is one of the better-performing anti-malware tools tested. It scored above industry average in every category. It blocked one action while installing and using legitimate software but gave no false detections of legitimate software as malware.

9. Symantec Endpoint Protection Cloud 22.17

Symantec Endpoint Protection Cloud scored similarly to its non-cloud counterpart. 

10. Trend Micro OfficeScan 12.0

Trend Micro OfficeScan was another top performer. It detected all malware samples in the test and scored at or above industry average on performance. The only blemish was a false blockage of an action while installing and using legitimate software.
