Forwarded from cRyPtHoN™ INFOSEC (EN)
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from BlackBox (Security) Archiv
Kazakhstan's HTTPS Interception
This post describes our analysis of carrier-level HTTPS interception ordered by the government of Kazakhstan.
The Kazakhstan government recently began using a fake root CA to perform a man-in-the-middle (MitM) attack against HTTPS connections to websites including Facebook, Twitter, and Google. We have been tracking the attack, and in this post, we provide preliminary results from our ongoing research and new technical details about the Kazakh interception system.
👉🏼 Read more:
https://censoredplanet.org/kazakhstan
#kazakhstan #HTTPS #interception #websites #MitM #tracking #attack #research #analysis #facebook #twitter #google
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
This post describes our analysis of carrier-level HTTPS interception ordered by the government of Kazakhstan.
The Kazakhstan government recently began using a fake root CA to perform a man-in-the-middle (MitM) attack against HTTPS connections to websites including Facebook, Twitter, and Google. We have been tracking the attack, and in this post, we provide preliminary results from our ongoing research and new technical details about the Kazakh interception system.
👉🏼 Read more:
https://censoredplanet.org/kazakhstan
#kazakhstan #HTTPS #interception #websites #MitM #tracking #attack #research #analysis #facebook #twitter #google
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Hardware Security Threats Against #Bluetooth #Mesh Networks
https://ieeexplore.ieee.org/document/8433184/authors#authors
Security risks of Bluetooth
Man-in-the-middle attacks (#MITM):
Bluetooth connections can be susceptible to eavesdropping attacks if strong encryption is not used. Older Bluetooth versions (before 4.2) are particularly risky.
#Bluejacking & #bluesnarfing:
Attackers could try to send unwanted messages (bluejacking) or even steal data from devices (bluesnarfing).
Traceability:
Bluetooth devices often send unique #MAC addresses, which makes users traceable.
Weak standard pairing methods:
Many devices still use simple PINs or confirm connections without verification (e.g. "Just Works" mode with Bluetooth LE).
Risks specific to Bluetooth mesh networks
Mesh networks increase the attack surface:
Each device in the mesh acts as a relay, which means that a compromised device could influence the entire data traffic.
Lack of end-to-end encryption:
If the app/software does not implement additional encryption, messages can be forwarded in plain text.
Decentralized management:
Without centralized control, it is difficult to identify and remove malicious nodes.
https://ieeexplore.ieee.org/document/8433184/authors#authors
Security risks of Bluetooth
Man-in-the-middle attacks (#MITM):
Bluetooth connections can be susceptible to eavesdropping attacks if strong encryption is not used. Older Bluetooth versions (before 4.2) are particularly risky.
#Bluejacking & #bluesnarfing:
Attackers could try to send unwanted messages (bluejacking) or even steal data from devices (bluesnarfing).
Traceability:
Bluetooth devices often send unique #MAC addresses, which makes users traceable.
Weak standard pairing methods:
Many devices still use simple PINs or confirm connections without verification (e.g. "Just Works" mode with Bluetooth LE).
Risks specific to Bluetooth mesh networks
Mesh networks increase the attack surface:
Each device in the mesh acts as a relay, which means that a compromised device could influence the entire data traffic.
Lack of end-to-end encryption:
If the app/software does not implement additional encryption, messages can be forwarded in plain text.
Decentralized management:
Without centralized control, it is difficult to identify and remove malicious nodes.