According to reliable sources.The first group of senior Army Officer of the Democratic Republic of Congo will be in some classes about military issues in the United States between 3rd to 4th September this year.These drills and shortcourse classes are to enable these officers attain skills of preventing and fighting against chaos of various militia groups that come up everyday.
Tuesday, August 11, 2020
Monday, August 10, 2020
China’s first amphibious assault ship, the Type 075 landing helicopter dock (LHD), was put to sea for the first time on Wednesday
Photos and video on social media showed the warship being escorted away from the docks by the Hudong Zhonghua shipyard in Shanghai by tugboats on Wednesday morning, before steaming away under its own power.
pic.twitter.com/khsjxSHwPN
— Naval News (@navalnewsnet)
August 5, 2020
Judged to be between 35,000 and 40,000 tons displacement, the Type 075 is the rough equivalent of the US Navy’s Wasp-class amphibious assault ships. This class of warship has both a flight deck for launching helicopters or aircraft capable of vertical takeoff and landing, as well as docking facilities for launching amphibious watercraft and thousands of marines.
Finally clear images of the first Type 075 leaving port ...
(Images via @Jerry_zijie at Weibo) pic.twitter.com/0qtWdVnrVV
— @Rupprecht_A (@RupprechtDeino)
August 5, 2020
Chinese PLAN 075 LHD from above
pic.twitter.com/GAQEAEpJrC — AirForceWorld.com (@AirForceWorld) August 5, 2020
Li Jie, a Beijing-based naval expert, told the Global Times that during the ship’s maiden voyage, the crew will likely test its main systems, such as propulsion, navigation, and communication.
The lead ship of what is expected to be a class of three vessels, the first Type 075 was launched from the shipyard in September 2019. Since then, it has remained moored at the dock next to the shipyard as fitting out work continued. It was later joined by a sister ship, and a third is under construction in the drydock.
In April, a fire broke out inside the ship, but it was quickly extinguished.
The Global Times reported at the time the damage was minor and had not impacted the construction schedule.
According to the Global Times, the lead ship will likely not be commissioned until 2021 or 2022. It’s likely the ship will continue to be known as the Type 075 until then, as past warships have not been christened with names until their commissioning, either.
India bans importation of some military equipments
In a major boost to domestic industry, the Indian defence ministry has created a budget of $7 billion for domestic capital procurement in the current financial year, under self-reliant India scheme announced by Prime Minister Narendra Modi. The move is likely to impact defence trade with other countries.
Indian Defence Minister Rajnath Singh has announced an absolute ban on the import of 101 defence equipment including simple parts and high technology weapons systems like artillery guns, assault rifles, corvettes, sonar systems, transport aircraft, light combat helicopters, and radar arrays.
Taking cue from that evocation, the Ministry of Defence has prepared a list of 101 items for which there would be an embargo on the import beyond the timeline indicated against them. This is a big step towards self reliance militarily.
With the latest embargo, contracts worth almost $53.354 billion (4 trillion INR) will be transitioned to domestic production within the next five to seven years, the ministry said in a statement. The army and air force are likely to procure items worth $17.340 billion (1.3 trillion INR) and navy for almost $18.674 billion (1.4 trillion INR) in the next four years.
https://mobile.twitter.com/rajnathsingh?p=s
The Ministry of Defence has also bifurcated the capital procurement budget for 2020-21 between domestic and foreign capital procurement. A separate budget head has been created with an outlay of nearly $6.937 billion (520 bln INR) for domestic capital procurement in the current financial year.
Amid the “big” announcement, opposition leader P. Chidambaram, taking a jibe at the government has said: “the only importer of defence equipment is the Defence Ministry. Any import embargo is really an embargo on oneself. What the Defence Minister said in his historic Sunday announcement deserved only an Office Order from the Minister to his Secretaries!”
The announcement might be a whimper to the former finance minister but the move is going to hit India’s defence trade with Russia and the US. India is the second largest importer of arms in the world, and its largest suppliers are Russia and the US.
Data compiled by Stimson Centre finds that Russia is India’s top defence supplier, accounting for $9.3 billion worth of exports to India since 2014. The US ranks a distant second, having sold defence supplies worth $2.3 billion to India in the same period.
In next few years, Russian equipment like the S-400 systems, fighter jets and a quick reaction defence system will be inducted into the Indian armed forces.
Sameer Lalwani, research fellow at Stimson Center, in his paper shows that 86% of the equipment, weapons and platforms currently in military service in India is of Russian origin; the figure is a whopping 90% if around 10,000 pieces of military hardware are also taken into consideration.
Indian Defence Minister Rajnath Singh has announced an absolute ban on the import of 101 defence equipment including simple parts and high technology weapons systems like artillery guns, assault rifles, corvettes, sonar systems, transport aircraft, light combat helicopters, and radar arrays.
Taking cue from that evocation, the Ministry of Defence has prepared a list of 101 items for which there would be an embargo on the import beyond the timeline indicated against them. This is a big step towards self reliance militarily.
With the latest embargo, contracts worth almost $53.354 billion (4 trillion INR) will be transitioned to domestic production within the next five to seven years, the ministry said in a statement. The army and air force are likely to procure items worth $17.340 billion (1.3 trillion INR) and navy for almost $18.674 billion (1.4 trillion INR) in the next four years.
https://mobile.twitter.com/rajnathsingh?p=s
The Ministry of Defence has also bifurcated the capital procurement budget for 2020-21 between domestic and foreign capital procurement. A separate budget head has been created with an outlay of nearly $6.937 billion (520 bln INR) for domestic capital procurement in the current financial year.
Amid the “big” announcement, opposition leader P. Chidambaram, taking a jibe at the government has said: “the only importer of defence equipment is the Defence Ministry. Any import embargo is really an embargo on oneself. What the Defence Minister said in his historic Sunday announcement deserved only an Office Order from the Minister to his Secretaries!”
The announcement might be a whimper to the former finance minister but the move is going to hit India’s defence trade with Russia and the US. India is the second largest importer of arms in the world, and its largest suppliers are Russia and the US.
Data compiled by Stimson Centre finds that Russia is India’s top defence supplier, accounting for $9.3 billion worth of exports to India since 2014. The US ranks a distant second, having sold defence supplies worth $2.3 billion to India in the same period.
In next few years, Russian equipment like the S-400 systems, fighter jets and a quick reaction defence system will be inducted into the Indian armed forces.
Sameer Lalwani, research fellow at Stimson Center, in his paper shows that 86% of the equipment, weapons and platforms currently in military service in India is of Russian origin; the figure is a whopping 90% if around 10,000 pieces of military hardware are also taken into consideration.
The US national security agency warned military intelligence personels and other military disciplines of turning on location sharing services on their mobile phones
The US National Security Agency (NSA) issued new guidance on Tuesday advising military and intelligence-community personnel to turn off location-sharing services on their cellphones to prevent security breaches.
“Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations,” the NSA bulletin warned.
In the alert, the NSA also noted that even if cellular service is turned off for a mobile device, Wi-Fi and Bluetooth can still be used to identify a user’s location. Tech companies can then sell parts of that data to marketers, advertisers or other customers.
“Inconspicuous equipment (e.g., wireless sniffers) can determine signal strength and calculate location, even when the user is not actively using the wireless services. Even if all wireless radios are disabled, numerous sensors on the device provide sufficient data to calculate location,” the agency said.
The agency also warned that other gadgets that connect to the internet, including fitness trackers, smart watches, some medical devices and other household smart devices, could be susceptible to security breaches and may reveal sensitive location data.
“While there are countless benefits to using mobile devices, location data exposure can be a risk to users,” Neal Ziring, technical director for cybersecurity at the NSA, said in a
statement to the Wall Street Journal.
“NSA publishes technical and threat analyses based on our authorities and customer needs. As connected mobile devices continue to expand into more networks, we’ve received more queries from our national security customers about using them securely.”
The warning comes as tensions between Washington and Beijing grow over the Chinese-owned video-sharing app TikTok, with US President Donald Trump last week saying he plans to ban the app from the US over concerns that China may be using it to collect data on American citizens and businesses.
Most recently, US Secretary of State Mike Pompeo told reporters Wednesday that the Land of the Free wants to “see untrusted Chinese apps removed from app stores,” noting that apps TikTok and messenger platform WeChat post significant threats to Americans’ personal data.
Microsoft on Sunday revealed that it is in talks to buy some operations of TikTok. Trump this week said he would allow an American company like Microsoft to buy the app, with the caveat that the US Treasury would get a “very large percentage” of the selling price.
"Whether it's Microsoft or somebody else, or if it's the Chinese - what the price is, the United States could - should get a very large percentage of that price. Because we're making it possible," he said, CNN reported.
“Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations,” the NSA bulletin warned.
In the alert, the NSA also noted that even if cellular service is turned off for a mobile device, Wi-Fi and Bluetooth can still be used to identify a user’s location. Tech companies can then sell parts of that data to marketers, advertisers or other customers.
“Inconspicuous equipment (e.g., wireless sniffers) can determine signal strength and calculate location, even when the user is not actively using the wireless services. Even if all wireless radios are disabled, numerous sensors on the device provide sufficient data to calculate location,” the agency said.
The agency also warned that other gadgets that connect to the internet, including fitness trackers, smart watches, some medical devices and other household smart devices, could be susceptible to security breaches and may reveal sensitive location data.
“While there are countless benefits to using mobile devices, location data exposure can be a risk to users,” Neal Ziring, technical director for cybersecurity at the NSA, said in a
statement to the Wall Street Journal.
“NSA publishes technical and threat analyses based on our authorities and customer needs. As connected mobile devices continue to expand into more networks, we’ve received more queries from our national security customers about using them securely.”
The warning comes as tensions between Washington and Beijing grow over the Chinese-owned video-sharing app TikTok, with US President Donald Trump last week saying he plans to ban the app from the US over concerns that China may be using it to collect data on American citizens and businesses.
Most recently, US Secretary of State Mike Pompeo told reporters Wednesday that the Land of the Free wants to “see untrusted Chinese apps removed from app stores,” noting that apps TikTok and messenger platform WeChat post significant threats to Americans’ personal data.
Microsoft on Sunday revealed that it is in talks to buy some operations of TikTok. Trump this week said he would allow an American company like Microsoft to buy the app, with the caveat that the US Treasury would get a “very large percentage” of the selling price.
"Whether it's Microsoft or somebody else, or if it's the Chinese - what the price is, the United States could - should get a very large percentage of that price. Because we're making it possible," he said, CNN reported.
Sunday, August 9, 2020
Locals of Binza in Rutshuru cryout for help because FARDC harrasses them
The population of the Binza group in Rutshuru territory (North Kivu) complains of harassment to which they are subjected by the security services. It first cites violations committed by the armed forces deployed there.
Aimé Mukanda Mbusa, human rights defender and one of the local notables who denounce these military harassments, regrets that the Binza group, already threatened by the insecurity maintained by armed militias, is forced to bully the FARDC supposed to bring peace there.
Among these harassments, he speaks in particular of those perpetrated at the level of 2 barriers erected on the Kiwanja-Ishasha section where the crossing is only authorized after payment of between 200 FC and 1000 FC as the case may be.
The human rights defender indicates that several alerts have already been issued in this direction but that the local authorities have never taken binding measures.
"Currently, 2 barriers erected on the Kiwanja-Ishasha road. We human rights defenders do not understand why the army is acting this way. These barriers are there to ransom the inhabitants. We are forced to pay 1000 FC for every barrier. If you don't have a voter card, they keep you there for long hours and even beats you, "he said.
Rutshuru is one of the territories in North Kivu most affected by the activism of rebel groups.
In addition to the FDLR, an armed group of Rwandan origin, there are Mai-Mai, Nyatura, Nduma defense of Congo who are cited in the assassinations as well as the almost daily kidnappings of civilians.
Aimé Mukanda Mbusa, human rights defender and one of the local notables who denounce these military harassments, regrets that the Binza group, already threatened by the insecurity maintained by armed militias, is forced to bully the FARDC supposed to bring peace there.
Among these harassments, he speaks in particular of those perpetrated at the level of 2 barriers erected on the Kiwanja-Ishasha section where the crossing is only authorized after payment of between 200 FC and 1000 FC as the case may be.
The human rights defender indicates that several alerts have already been issued in this direction but that the local authorities have never taken binding measures.
"Currently, 2 barriers erected on the Kiwanja-Ishasha road. We human rights defenders do not understand why the army is acting this way. These barriers are there to ransom the inhabitants. We are forced to pay 1000 FC for every barrier. If you don't have a voter card, they keep you there for long hours and even beats you, "he said.
Rutshuru is one of the territories in North Kivu most affected by the activism of rebel groups.
In addition to the FDLR, an armed group of Rwandan origin, there are Mai-Mai, Nyatura, Nduma defense of Congo who are cited in the assassinations as well as the almost daily kidnappings of civilians.
A soldier of the Armed Forces of the Democratic Republic of Congo was killed on the night of Saturday 08 to Sunday 09 August 2020, by armed bandits in the Mudusa groupement in Kabare territory in South Kivu.
According to local civil society, this soldier was found dead after trying to intervene when these armed bandits looted property from the population in Buhimba.
"We found the body of this soldier in Buhimba, Cimpwiji village near the number 2 national road. The victim soldier was killed when he tried to intervene when bandits looted instead said among the Chinese. a soldier from Cirhundu camp in the Mudusa groupement, "Mugisho Cirhulwire Grace said.
Early in the morning of this Sunday, a strong tension was observed in Mushweshwe in the territory of Kabare after this assassination.
The angry soldiers barricaded the Bukavu-Walungu road to criticize the killing of one of their members.
That is the way we attack!if you are a cyber security enthusiast just try it and enjoy!!Creating Unlimited Rotating IP Addresses with AWS....
Create the Control-Server
The control-server is a OpenVPN server that your workstation will connect to. This server always remains up. Exit-nodes are systems connected to the control-server that provides load balancing and multiple source IP addresses. Exit-nodes can scale up and down to suite your needs.
AWS (setup the control-server)
#1 — Create a separate SSH key pair
1. In the AWS console, go to
services (upper left)
2. Select EC2 under the Compute section.
3. Select Key Pairs in the nav on the left.
4. Select Create Key Pair and name it ‘ proxycannon ’.
5. Download and save the key to ~/.ssh/proxycannon.pem
#2 — Launch the control-server instance
1. Launch (1) Ubuntu Server t1-micro instance and use the
proxycannon keypair.
Recommend public AMI
ami-0f65671a86f061fcd
It is only available in us-east-2 but any Ubuntu Server 18.04 AMI should work.
2. Login to the control-server via ssh
3. Download and install (come and i give it to you)
$ cd proxycannon-ng/setup
$ chmod +x ./install.sh
$ sudo ./install.sh
#3 — Create a new IAM user, set the needed permissions, and copy over your keys. It’s quick:
1. In the AWS console, go to
services (upper left)
2. Select IAM under the Security, Identity & Compliance section
3. In IAM, select Users in the nav on the left.
4. Select Add user
5. Fill out a User name, and for access type, select programmatic access. Click
Next.
6. Select the tab/box that’s labeled Attach existing policies directly. Add the following policy: AmazonEC2FullAccess. Click
Next, than Create user
7. Copy the access key and secret for the control-server and paste it in ~/.aws/credentials
[default]
aws_access_key_id = REPLACE_WITH_YOUR_OWN
aws_secret_access_key = REPLACE_WITH_YOUR_OWN
region = us-east-2
#4 — Setup terraform
Perform the following on the control-server:
1. Copy your proxycannon.pem SSH key into ~/.ssh/proxycannon.pem
2. cd into proxycannon-ng/nodes/aws and edit the
variables.tf file updating it with the subnet_id . This is the same subnet_id that your control server is using. You can get this value from the AWS console when viewing the details of the control-server instance. Defining this subnet_id makes sure all launched exit-nodes are in the same subnet as your control server.
3. Run terraform init to download the AWS modules. (you only need to do this once)
#5 — Copy OpenVPN files to your workstation
Copy the following files from the control-server to the /etc/openvpn directory on your workstation:
~/proxycannon-client.conf
/etc/openvpn/easy-rsa/keys/ta.key
/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/client01.crt
/etc/openvpn/easy-rsa/keys/client01.key
You can also run this script below to compress everything you need to ~/copy_me.tar.gz and then you can download that and extract to /etc/openvpn on your workstation.
Optional script to compress everything you need in to ~/copy_me.tar.gz
# Copy necessary files and compress to ~/copy_me.tar.gz
$ mkdir ~/copy_me
$ sudo cp ~/proxycannon-client.conf ~/copy_me
$ sudo cp /etc/openvpn/easy-rsa/keys/ta.key ~/copy_me
$ sudo cp /etc/openvpn/easy-rsa/keys/ca.crt ~/copy_me
$ sudo cp /etc/openvpn/easy-rsa/keys/client01.crt ~/copy_me
$ sudo cp /etc/openvpn/easy-rsa/keys/client01.key ~/copy_me
$ tar czfv ~/copy_me.tar.gz ~/copy_me
After you copied and extracted the files to /etc/openvpn on your workstation test OpenVPN connectivity from your workstation by running:
$ openvpn --config proxycannon-client.conf
Setup Completed!
From now on you’ll only need to connect to the VPN to use
proxycannon-ng .
The next section details how to add and remove exit-nodes (source IPs):
Managing exit-nodes
Scaling of exit-nodes is controlled on the control-server using terraform.
Scale up exit-nodes
To create AWS exit-nodes, do the following:
1. cd into proxycannon-ng/nodes/aws
2. Edit the count value in
variables.tf to the number of exit-nodes (source IPs) you’d like
3. run terraform apply to launch the instances.
Scale down exit-nodes
If you want to stop all exit-nodes run terraform destroy .
OR
Scaling down exit-nodes can be done by reducing the count value in variables.tf and running
terraform apply again. Terraform will automatically remove X number of exit-node instances.
The control-server is a OpenVPN server that your workstation will connect to. This server always remains up. Exit-nodes are systems connected to the control-server that provides load balancing and multiple source IP addresses. Exit-nodes can scale up and down to suite your needs.
AWS (setup the control-server)
#1 — Create a separate SSH key pair
1. In the AWS console, go to
services (upper left)
2. Select EC2 under the Compute section.
3. Select Key Pairs in the nav on the left.
4. Select Create Key Pair and name it ‘ proxycannon ’.
5. Download and save the key to ~/.ssh/proxycannon.pem
#2 — Launch the control-server instance
1. Launch (1) Ubuntu Server t1-micro instance and use the
proxycannon keypair.
Recommend public AMI
ami-0f65671a86f061fcd
It is only available in us-east-2 but any Ubuntu Server 18.04 AMI should work.
2. Login to the control-server via ssh
3. Download and install (come and i give it to you)
$ cd proxycannon-ng/setup
$ chmod +x ./install.sh
$ sudo ./install.sh
#3 — Create a new IAM user, set the needed permissions, and copy over your keys. It’s quick:
1. In the AWS console, go to
services (upper left)
2. Select IAM under the Security, Identity & Compliance section
3. In IAM, select Users in the nav on the left.
4. Select Add user
5. Fill out a User name, and for access type, select programmatic access. Click
Next.
6. Select the tab/box that’s labeled Attach existing policies directly. Add the following policy: AmazonEC2FullAccess. Click
Next, than Create user
7. Copy the access key and secret for the control-server and paste it in ~/.aws/credentials
[default]
aws_access_key_id = REPLACE_WITH_YOUR_OWN
aws_secret_access_key = REPLACE_WITH_YOUR_OWN
region = us-east-2
#4 — Setup terraform
Perform the following on the control-server:
1. Copy your proxycannon.pem SSH key into ~/.ssh/proxycannon.pem
2. cd into proxycannon-ng/nodes/aws and edit the
variables.tf file updating it with the subnet_id . This is the same subnet_id that your control server is using. You can get this value from the AWS console when viewing the details of the control-server instance. Defining this subnet_id makes sure all launched exit-nodes are in the same subnet as your control server.
3. Run terraform init to download the AWS modules. (you only need to do this once)
#5 — Copy OpenVPN files to your workstation
Copy the following files from the control-server to the /etc/openvpn directory on your workstation:
~/proxycannon-client.conf
/etc/openvpn/easy-rsa/keys/ta.key
/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/client01.crt
/etc/openvpn/easy-rsa/keys/client01.key
You can also run this script below to compress everything you need to ~/copy_me.tar.gz and then you can download that and extract to /etc/openvpn on your workstation.
Optional script to compress everything you need in to ~/copy_me.tar.gz
# Copy necessary files and compress to ~/copy_me.tar.gz
$ mkdir ~/copy_me
$ sudo cp ~/proxycannon-client.conf ~/copy_me
$ sudo cp /etc/openvpn/easy-rsa/keys/ta.key ~/copy_me
$ sudo cp /etc/openvpn/easy-rsa/keys/ca.crt ~/copy_me
$ sudo cp /etc/openvpn/easy-rsa/keys/client01.crt ~/copy_me
$ sudo cp /etc/openvpn/easy-rsa/keys/client01.key ~/copy_me
$ tar czfv ~/copy_me.tar.gz ~/copy_me
After you copied and extracted the files to /etc/openvpn on your workstation test OpenVPN connectivity from your workstation by running:
$ openvpn --config proxycannon-client.conf
Setup Completed!
From now on you’ll only need to connect to the VPN to use
proxycannon-ng .
The next section details how to add and remove exit-nodes (source IPs):
Managing exit-nodes
Scaling of exit-nodes is controlled on the control-server using terraform.
Scale up exit-nodes
To create AWS exit-nodes, do the following:
1. cd into proxycannon-ng/nodes/aws
2. Edit the count value in
variables.tf to the number of exit-nodes (source IPs) you’d like
3. run terraform apply to launch the instances.
Scale down exit-nodes
If you want to stop all exit-nodes run terraform destroy .
OR
Scaling down exit-nodes can be done by reducing the count value in variables.tf and running
terraform apply again. Terraform will automatically remove X number of exit-node instances.
BlueRepli vulnerability presents android phones to dangers of intrusion by hackers
There has been no shortage of Bluetooth related attacks disclosed in recent years, including BlueBorne and BadBlueTooth among numerous others. At the Black Hat USA 2020 virtual event on August 5, a new attack was added to the list of Bluetooth vulnerabilities, with the public disclosure of BlueRepli.
Security researchers Sourcell Xu and
Xin Xin described the BlueRepli attack as a way to bypass Bluetooth authentication on Android phones, without detection. In a series of recorded demos, the researchers demonstrated how, with limited or no user interaction, they were able to abuse Bluetooth to steal a target device’s phone book as well as all of the SMS text messages it had received.
For reasons, not fully shared by the researchers, the BlueRepli attack does currently not work on Apple iOS devices. Additionally, the researchers noted that they had disclosed the issues to Google and the Android Open Source Project (AOSP), but according to them, to date the issue has not been patched.
At the core of the BlueRepli attack is an abuse of what are known as Bluetooth Profiles. Xu explained that Bluetooth Profiles detail specific application scenarios that can be used to enable connectivity. For example, there is the Phone Book Access Profile (PBAP) to enable access to a user’s phone book, while the Message Access Profile (MAP) provides access to text messages.
Xu noted that a Bluetooth vulnerability disclosed in 2019 dubbed “BadBlueTooth” also took advantage of Bluetooth Profiles. Although in that attack scenario, the victim needed to install a malicious app, whereas with BadRepli, nothing needs to be installed. Any Android device within Bluetooth range can potentially be at risk from the BadRepli attack.
To help demonstrate the attack and allow others to test, the researchers created a software project called BlueRepli Plus that is set to be demonstrated during the Black Hat Arsenal tools demonstration on Augusrt 6.
How BlueRepli Works
Xu explained that there are several typical Bluetooth pairing scenarios that users are familiar with. Among the most common is when a user is presented with a yes/no dialog box to accept a connection, or gets a six digit series of numbers that needs to be entered.
There is, however, another option that is defined in the Bluetooth specification, known as ‘just works’ which, when triggered, can bypass the need for user interaction to enable a connection. With BlueRepli, the researchers claimed that it was possible to bypass the authentication in several ways including making use of the just works option.
Xu explained that in a deception-based attack, the attacker first gets the victim’s Bluetooth address by simple scanning. The attacker pretends to be a Bluetooth device and a well-known application name like Skype (for example) and requests the victim’s Android phone for a phone book or short messages. After the victim grants the attacker permission due to deception, the attacker can get the data.
The other attack that Xu described is a vulnerability-based attack where the attacker first obtains two Bluetooth device addresses by scanning. The first address is the victim’s Bluetooth address, while the second is an address that has obtained the access permission of the victim, like Bluetooth headsets that belong to the victim. The attacker changes his address to the second address, and then directly requests data (phone book and SMS) from the victim.
“Data will be passed back to the attacker without the victim’s knowledge,” Xu said.
Security researchers Sourcell Xu and
Xin Xin described the BlueRepli attack as a way to bypass Bluetooth authentication on Android phones, without detection. In a series of recorded demos, the researchers demonstrated how, with limited or no user interaction, they were able to abuse Bluetooth to steal a target device’s phone book as well as all of the SMS text messages it had received.
For reasons, not fully shared by the researchers, the BlueRepli attack does currently not work on Apple iOS devices. Additionally, the researchers noted that they had disclosed the issues to Google and the Android Open Source Project (AOSP), but according to them, to date the issue has not been patched.
At the core of the BlueRepli attack is an abuse of what are known as Bluetooth Profiles. Xu explained that Bluetooth Profiles detail specific application scenarios that can be used to enable connectivity. For example, there is the Phone Book Access Profile (PBAP) to enable access to a user’s phone book, while the Message Access Profile (MAP) provides access to text messages.
Xu noted that a Bluetooth vulnerability disclosed in 2019 dubbed “BadBlueTooth” also took advantage of Bluetooth Profiles. Although in that attack scenario, the victim needed to install a malicious app, whereas with BadRepli, nothing needs to be installed. Any Android device within Bluetooth range can potentially be at risk from the BadRepli attack.
To help demonstrate the attack and allow others to test, the researchers created a software project called BlueRepli Plus that is set to be demonstrated during the Black Hat Arsenal tools demonstration on Augusrt 6.
How BlueRepli Works
Xu explained that there are several typical Bluetooth pairing scenarios that users are familiar with. Among the most common is when a user is presented with a yes/no dialog box to accept a connection, or gets a six digit series of numbers that needs to be entered.
There is, however, another option that is defined in the Bluetooth specification, known as ‘just works’ which, when triggered, can bypass the need for user interaction to enable a connection. With BlueRepli, the researchers claimed that it was possible to bypass the authentication in several ways including making use of the just works option.
Xu explained that in a deception-based attack, the attacker first gets the victim’s Bluetooth address by simple scanning. The attacker pretends to be a Bluetooth device and a well-known application name like Skype (for example) and requests the victim’s Android phone for a phone book or short messages. After the victim grants the attacker permission due to deception, the attacker can get the data.
The other attack that Xu described is a vulnerability-based attack where the attacker first obtains two Bluetooth device addresses by scanning. The first address is the victim’s Bluetooth address, while the second is an address that has obtained the access permission of the victim, like Bluetooth headsets that belong to the victim. The attacker changes his address to the second address, and then directly requests data (phone book and SMS) from the victim.
“Data will be passed back to the attacker without the victim’s knowledge,” Xu said.
Thursday, August 6, 2020
Hundreds of Congolese stranded in Rwanda must first prove that they are free from Covid19 before entering DRC land
hundred Congolese who would like to return to the city of Bukavu in South Kivu are stranded in Rwanda.
In an interview on Wednesday, August 05, 2020, Cosmos Bishisha, provincial minister of health specified that these Congolese must have proof that they have tested negative against Covid-19 to cross the border and return to the city of Bukavu.
“With Covid-19 today, we have regulated the movement of people from one country to another. We have a protocol that we must follow. This protocol stipulates that for anyone coming from abroad must provide proof that they are not contaminated by the virus via the laboratory test valid for 72 hours. These Congolese who are in Rwanda and who want to return to the country must present the results of the tests carried out in this country of origin to us, ”he explained.
He specifies that the rapid test for personal and / or travel reasons is chargeable at the price of $ 30 throughout the entire Democratic Republic of Congo.
It should be recalled that since last week, several Congolese who have received authorization from the DRC embassy in Rwanda to be repatriated have been blocked to cross the border for lack of test results.
Subscribe to:
Posts (Atom)
-
With the widespread availability of the Internet today, there are still times when it may not be feasibly available. Be it on a flight, du...
-
msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter notebooks). Most ...
-
A new way for cybercriminals to create fake social media profiles and carry identity scams using Artificial Intelligence powered tool? A ...
