Cyber security

Manual Exploits – Assessing Device Security Through Direct Interaction

This check could be used to assess the severity of the attacks. If the target device is pairable even if the user does not navigate to the pairing/discovery menu then such a device has a higher exposure to the threats.

It should be noted that previous research showed that Bluetooth MAC addresses could be passively collected with a high probability.

To check the target device:

  • obtain a MAC address of a target
  • do not navigate to the pairing/discovery menu
  • try to connect to the target using bluetoothctl and hcitool

Only The Vehicle Can Initiate A Connection

This check applies mainly to the In-vehicle-infotainment systems (IVI).

IVI systems generally allow the phone to connect to them but lack the capability of connecting back.

There are also such IVI systems that allow the connection to be initiated in both ways.

The most secure one is a connection initiated by the IVI system.

It should be also noted that defences for the attacks might be implemented for a connection initiated by the phone but the same defences might be lacking when the connection is initiated by the IVI system.

Fast Reboot

This is a check whether or not it is possible to reboot the target device.

Some devices like In-Vehicle-Infotainment systems mainly do not allow to be rebooted unless one switches off and closes the vehicle for 10-20 minutes.

The result could be additionally used to assess the severity of Denial of Service exploits.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

19 hours ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 day ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 day ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 day ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 day ago

How to Create Directories in Linux with the mkdir Command

Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…

1 day ago