* Security researchers have discovered new Bluetooth security flaws that allow
hackers to impersonate devices and perform man-in-the-middle attacks. * The
vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4,
including laptops, PCs, smartphones, tablets, and others. * Users can do nothing
at the moment to fix the vulnerabilities, and the solution requires device
manufacturers to make changes to the security mechanisms used by the technology.
Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066
[https://dl.acm.org/doi/pdf/10.1145/3576915.3623066] Github:
https://github.com/francozappa/bluffs [https://github.com/francozappa/bluffs]
CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023
[https://nvd.nist.gov/vuln/detail/CVE-2023-24023]
Yes. If you turn off a computer it can’t be compromised.
But I think the interesting question is if its possible have a system that does something useful, while at the same time be 100% secure.
The answer is probably yes, especially small systems that have been designed for a single purpose, but it would be incredibly difficult to prove it. Just because it hasn’t been compromised yet doesn’t mean it won’t in the future.
Even doing a formal proof only proves things within the abstract model the proof works with.
I disagree, a computer that is turned off can absolutely be compromised, thought not remotely.
An attacker who gains access to a computer could take the hard drive (generic name for the boot drive or storage drive), then infect it with malware giving the attacker remote access later, then reassemble the machine.
By definition all systems can be hacked, the more complex the system, the more ways it can be hacked.
The one time pad system, is as far as I know the only encryption system that is unbreakable, if used properly, that is because it is so simple in theory, but during actual use in critical times, the system was misused by technicians, enabling some messages to be read.
To be fair, the PXE boot would not affext a powered off device, it would only be an issue if the device was powered on.
But this is just splitting hairs, you have a good point in that few people would expect a PXE boot attack, not to mention that it could interact with wake on lan, which would turn on a powered down computer.
No, all systems can be hacked, new methods and technologies are discovered are developed constantly.
The only encryption system that I know of that is in fact unbreakable is the one time pad system, but that only works if the crypto technician uses it correctly. During actual use, reuse of codes have enabled other parties to decrypt messages.
The Enigma machine was thought to be unbreakable, but had serious flaws that when discovered, enabled the Allies to systematically find the key and decrypt messages.
The Seimens & Halske T52 was an even more secure encryption machine, was also cracked during WW2, and enabled Sweden to listen in on messges to and from Norway.
I use these examples as they were designed to be unbreakable, similarly to modern computer system which are often designed to prevent hacking.
The PS3 was considered unhackable for years, but people kept working the problem, untill a way in was found, it was patched, but new methods were found, and so on.
Same goes for anything, so keep your devices up to date if you want them as secure as they can be with the current knowledge.
Out of curiosity, has there ever been a system that’s is truly 100% unhackable?
Yes. If you turn off a computer it can’t be compromised.
But I think the interesting question is if its possible have a system that does something useful, while at the same time be 100% secure.
The answer is probably yes, especially small systems that have been designed for a single purpose, but it would be incredibly difficult to prove it. Just because it hasn’t been compromised yet doesn’t mean it won’t in the future.
Even doing a formal proof only proves things within the abstract model the proof works with.
I disagree, a computer that is turned off can absolutely be compromised, thought not remotely.
An attacker who gains access to a computer could take the hard drive (generic name for the boot drive or storage drive), then infect it with malware giving the attacker remote access later, then reassemble the machine.
By definition all systems can be hacked, the more complex the system, the more ways it can be hacked.
The one time pad system, is as far as I know the only encryption system that is unbreakable, if used properly, that is because it is so simple in theory, but during actual use in critical times, the system was misused by technicians, enabling some messages to be read.
Network booting with PXE, technically, can be a form of remote boot if its still hard wired to the network , so not even off is safe
To be fair, the PXE boot would not affext a powered off device, it would only be an issue if the device was powered on.
But this is just splitting hairs, you have a good point in that few people would expect a PXE boot attack, not to mention that it could interact with wake on lan, which would turn on a powered down computer.
If a magic packet is accepted, off isn’t off. 😉
That’s fair.
It totally is splitting hairs and I was just being super technical lol
One time pad system is only unbreakable if you ignore nearly everything about it.
It requires key exchange, storage, cordination, and disposal. In other words, the usual targets.
Yep, that is why I noted “if used peoperly” (:
No, all systems can be hacked, new methods and technologies are discovered are developed constantly.
The only encryption system that I know of that is in fact unbreakable is the one time pad system, but that only works if the crypto technician uses it correctly. During actual use, reuse of codes have enabled other parties to decrypt messages.
The Enigma machine was thought to be unbreakable, but had serious flaws that when discovered, enabled the Allies to systematically find the key and decrypt messages.
The Seimens & Halske T52 was an even more secure encryption machine, was also cracked during WW2, and enabled Sweden to listen in on messges to and from Norway.
I use these examples as they were designed to be unbreakable, similarly to modern computer system which are often designed to prevent hacking.
The PS3 was considered unhackable for years, but people kept working the problem, untill a way in was found, it was patched, but new methods were found, and so on.
Same goes for anything, so keep your devices up to date if you want them as secure as they can be with the current knowledge.