New Research On Detection Of AirTag & Tile Stalking Posted By Cybrary

The Cybrary Threat Intelligence Group has just published findings on detecting Bluetooth stalking and actionable threats to IIoT and IoT-enabled assets in two new blog posts this morning:

To briefly summarize Cybrary’s work and findings:

  • Bluetooth trackers relay their location and can use just about everything in their ecosystem as a bridge to the internet, which can put both personal safety and the integrity of IIoT-connected resources, such as those found throughout critical infrastructure, at high risk.
  • Manufacturers’ Security Steps – Limits to Effectiveness: In December 2022, The Cybrary Threat Intelligence Group noted Apple’s updated effort to limit the use of AirTags in stalking, and undertook research to determine whether the device was still capable of misuse, and if so, what could be done to thwart such use. Manufacturers have taken steps to prevent misuse. Nonetheless:
    • Tile lets a Tile owner evade detection in exchange for personal data.
    • Newer iPhones disclose when an AirTag is near, but often not until several hours after detecting it – precious time during which a stalker could act.
    • Detecting cross-platform surveillance – such as if an iPhone user is surveilled with a Tile – is even more difficult.
  • Cybrary Research Approach: To demonstrate manufacturers’ detection flaws and enable actual device detection, regardless of device type, the Cybrary Threat Intelligence Group used several approaches, wireless pentesting tools, knowledge of RF protocols, and black-box analysis skills to examine, duplicate, and port the findings to the Swiss army tool for RF hackers, the Flipper Zero. The Flipper Zero is a small device that lets users interact with all manner of RF devices such as TV controllers and key fobs. Its antennas read a wide range of common signals, and it has an extensive and actively contributing user community.
  • Method: Cybrary isolated the radio signals from each brand of tracking device, stored those signatures, and built an application that enables users to immediately detect any brand of Bluetooth tracker – including Tile, despite its offered option to hide the tracker from detection. 
  • Implications: The implications are significant, both for thwarting stalkers and for the oil and gas industry, regional water systems and other critical infrastructure where IoT and especially IIoT are being installed. We determined that:
    • Cybrary R&D developed detection means to advance personal privacy, safety and CI security; and
    • Importantly, we codified that aspects of planning attacks on IoT and RF devices can be almost identical in method to planning attacks on networks. Defensive training to protect IoT and IIoT environments and resources against intrusion is just as important as training to protect corporate networks against intrusion, and even more critical for IoT and IIoT security.
    • Moreover, in the short term, there may be debate on whether the availability of “tracker scans” in public gathering places has a role to play in the prevention of stalking and its catastrophic harms. Cybrary does not take a stance for or against this as it is outside of its scope of research.

Here are links to the blog posts:

Cybrary Counter-Stalking Initiative

Cybrary Threat Intelligence Group (CTIG) IoT Research
