More stories


    Big changes to 1Password in the browser as it adds biometric unlocking

    Popular password manager 1Password has updated its browser extension to add support for Apple’s Touch ID and Microsoft’s Windows Hello biometric authentication. Biometric authentication arrives in version 2.0 of the 1Password browser extension. The company notes that users will need the 1Password desktop application installed for biometric authentication to work, but support for Touch ID on Macs equipped with it and Windows Hello on Windows 10 PCs should speed up the unlocking experience.


    The new biometric authentication feature for the browser follows 1Password’s release of the 1Password app for Linux systems earlier this month. The app’s backend was written in the well-liked programming language Rust. Biometric unlocking in the browser is also available on Linux systems with biometric support. 1Password’s Linux app was made available for Debian, Ubuntu, CentOS, Fedora, Arch Linux, and Red Hat Enterprise Linux.

    1Password has also introduced dark mode for its browser extension to help users working at night. Dark mode has been applied to the 1Password popup and its on-page suggestions. The company also developed a new save experience for the password manager when adding new online accounts. The change is designed to make it easier to create, save, and update logins inside the browser. The save window now displays everything that will be added to a new account item and allows users to adjust the contents and add tags. Also, handily, its password generator suggests passwords that fit the password requirements of the site the user is on.

    1Password’s release notes for its 2.0 extension list 55 changes. Other handy additions include the ability for Linux users to download file attachments created with 1Password. There are many UI tweaks to improve the experience, a few bug fixes, faster pop-up load times, QR code detection for the Epic Games website, and password-filling fixes for specific websites.


    Fake human rights organization, UN branding used to target Uyghurs in ongoing cyberattacks

    United Nations (UN) branding is being abused in a campaign designed to spy on Uyghurs. On Thursday, Check Point Research (CPR) and Kaspersky’s GReAT team said that the campaign, likely the work of a Chinese-speaking threat actor, is focused on Uyghurs, a Turkic ethnic minority found in Xinjiang, China.

    Potential victims are sent phishing documents branded with the United Nations Human Rights Council (UNHRC) logo. Named UgyhurApplicationList.docx, the document contains decoy material relating to discussions of human rights violations. However, if the victim enables editing on opening the file, VBA macro code checks the PC’s architecture and downloads either a 32- or 64-bit payload. Dubbed “OfficeUpdate.exe,” the file is shellcode that fetches and loads a remote payload, but at the time of analysis the IP was unusable.

    The domains linked to the malicious email attachment expanded the investigation to a malicious website used for malware delivery under the guise of a fake human rights organization. The “Turkic Culture and Heritage Foundation” (TCAHF) domain claims to work for “Tukric culture and human rights,” but its copy has been stolen from opensocietyfoundations.org, a legitimate civil rights outfit. The website, directed at Uyghurs seeking funding, tries to lure visitors into downloading a “security scanner” before filing the information required to apply for a grant. The software is actually a backdoor.

    The website offered a macOS and a Windows version, but only the link to the latter downloaded the malware. Two versions of the backdoor were found: WebAssistant, served in May 2020, and TcahfUpdate, loaded from October. The backdoors establish persistence on victim systems, conduct cyberespionage and data theft, and may be used to execute additional payloads. Victims have been located in China and Pakistan, in regions mostly populated by Uyghurs.

    CPR and Kaspersky say that while the group doesn’t appear to share any infrastructure with other known threat groups, they are most likely Chinese-speaking and are still active, with new domains registered this year to the same IP address connected to past attacks. “Both domains redirect to the website of a Malaysian government body called the ‘Terengganu Islamic Foundation’,” the researchers say. “This suggests that the attackers are pursuing additional targets in countries such as Malaysia and Turkey, although they might still be developing those resources as we have not yet seen any malicious artifacts associated with those domains.”


    Human Rights Commission calls for a freeze on 'high-risk' facial recognition

    The Australian Human Rights Commission (AHRC) has called for stronger laws around the use of facial recognition and other biometric technology, asking for a ban on its use in “high-risk” areas.

    The call was made in a 240-page report [PDF] from the AHRC, with outgoing Human Rights Commissioner Edward Santow saying Australians want technology that is safe, fair, and reliable, and that, with the right settings in law, policy, education, and funding, the government, alongside the private sector, can “build a firm foundation of public trust in new technology”.

    “The use of AI in biometric technology, and especially some forms of facial recognition, has prompted growing public and expert concern,” the report says.

    As a result, the Commission recommends privacy law reform to protect against the “most serious harms associated with biometric technology”. “Australian law should provide stronger, clearer, and more targeted human rights protections regarding the development and use of biometric technologies, including facial recognition,” it wrote. “Until these protections are in place, the Commission recommends a moratorium on the use of biometric technologies, including facial recognition, in high-risk areas.”

    The report details a number of concerns raised throughout the AHRC’s consultation on the use of biometrics, such as the risk of profiling and errors leading to discrimination, including bias against people of colour, as well as a blanket concern over mass surveillance.

    The AHRC has made a number of recommendations as a result, with the first asking federal, state, and territory governments to introduce legislation that regulates the use of facial recognition and other biometric technology. The legislation, it said, should expressly protect human rights; apply to the use of this technology in decision making that has a legal, or similarly significant, effect for individuals, or where there is a high risk to human rights, such as in policing and law enforcement; and be developed through in-depth consultation with the community, industry, and expert bodies such as the AHRC and the Office of the Australian Information Commissioner (OAIC).

    “To date, existing legislation has not proven to be an effective brake on inappropriate use of facial and other biometric technology,” the report says. “Without effective regulation in this area, it seems likely that community trust in the underlying technology will deteriorate.” It has urged all governments across the country to work together.

    The AHRC has asked that the moratorium on the use of facial recognition and other biometric technology in decision making (where that decision making has a legal, or similarly significant, effect for individuals, or where there is a high risk to human rights, such as in policing and law enforcement) be continued until legislation is in place. The moratorium, however, would not apply to all uses of facial and biometric technology. “Particular attention should be given to high-risk contexts, such as the use of facial recognition in policing, in schools and in other areas where human rights breaches are more likely to occur,” it adds.

    It also said the government should introduce a statutory cause of action for serious invasion of privacy where biometrics are concerned.

    Calling for a modernised regulatory system to ensure that AI-informed decision making is “lawful, transparent, explainable, responsible, and subject to appropriate human oversight, review, and intervention”, the AHRC has also requested the creation of a new AI Safety Commissioner to help lead Australia’s transition to an “AI-powered world”. Ideally operating as an independent statutory office, the AI Safety Commissioner should focus on promoting safety and protecting human rights in the development and use of AI in Australia, for example by working with regulators to build technical capacity regarding the development and use of AI in their respective areas, and should be responsible for monitoring and investigating developments and trends in the use of AI.

    It has also asked the government to convene a multi-disciplinary taskforce on AI-informed decision making that could perhaps be led by the AI Safety Commissioner. “The taskforce should consult widely in the public and private sectors, including with those whose human rights are likely to be significantly affected by AI-informed decision making,” it said.

    The report has also asked that the government resource the AHRC so that it can produce guidelines on how to comply with federal anti-discrimination laws when using AI-informed decision making. To that end, another recommendation is that the government introduce legislation requiring that a human rights impact assessment (HRIA) be undertaken before any department or agency uses an AI-informed decision-making system to make administrative decisions, as well as other legislation requiring that any affected individual be notified when AI is materially used in making an administrative decision. It has also asked for an audit of existing or proposed AI-informed decision making.

    Making a total of 38 recommendations, the AHRC also touches on legal accountability for private sector use of AI, asking that the legislation flagged for government use of AI also be extended to non-government entities. Elsewhere, it has asked that the Attorney-General develop a Digital Communication Technology Standard under section 31 of the Disability Discrimination Act 1992 and consider other law and policy reform to implement the full range of accessibility obligations regarding Digital Communication Technologies under the Convention on the Rights of Persons with Disabilities. Additionally, it wants federal, state, territory, and local governments to commit to using digital communication technology that fully complies with recognised accessibility standards.

    “We need to ask a crucial question: Can we harness technology’s positive potential to deliver the future we want and need, or will it supercharge society’s worst problems? The decisions we make now will provide the answer,” Santow said. He described the report as setting out a roadmap for achieving this goal.


    Various Japanese government entities had data stolen in cyber attack: Report

    Data from various Japanese government entities has reportedly been stolen by hackers who gained access to Fujitsu’s ProjectWEB platform. Fujitsu’s software-as-a-service platform has since been taken down, and the Japanese tech giant is currently investigating the scope of the attacks, Japan’s public broadcaster NHK said in a report.

    Among the impacted government entities are the Ministry of Land, Infrastructure, Transport, and Tourism; the Cabinet Secretariat; and Narita Airport. The land, infrastructure and transport ministry reportedly had at least 76,000 email addresses of its employees and business partners leaked, along with data on the ministry’s internal mail and internet settings. Meanwhile, the Cabinet Secretariat’s cybersecurity centre reportedly had data on the centre’s information system stolen from several of its offices. Narita Airport air traffic control data was also stolen, the report said, which has prompted the Cabinet Secretariat’s national cybersecurity centre to issue alerts about the use of the Fujitsu software.

    In the past three weeks alone, one of the largest pipeline operators in the US and healthcare institutions across Canada, New Zealand, and Ireland have faced cyber attacks.


    Colonial Pipeline attack used to justify Australia's Critical Infrastructure Bill

    The Department of Home Affairs has said the ransomware attack earlier this month targeting the operator of the Colonial Pipeline in the United States was a “timely reminder” of why Australia’s Critical Infrastructure reforms are “so important”.

    Among other things, the Security Legislation Amendment (Critical Infrastructure) Bill 2020 would allow government to provide “assistance” to entities in response to significant cyber attacks on Australian systems. Tech giants operating in Australia, such as Amazon Web Services, Cisco, Microsoft, and Salesforce, have all taken issue with these “last resort” powers.

    “In the absence of these measures, we will remain vulnerable in an increasingly hostile threat environment for our critical infrastructure,” Home Affairs secretary Mike Pezzullo told Senate Estimates on Monday.

    “You saw the pipeline attack … transnational criminal groups are holding whole economic sectors effectively to ransom — we’re seeing this with hospital systems, we’re seeing it with vaccine data, and we’re seeing it with healthcare providers. Typically, the criminals will chase opportunity, in the knowledge that it’s likely to achieve a benefit.”

    In justifying the passage of the legislation, the secretary said it makes “good business sense” to have common platforms and connected systems so that, in the example of an electricity grid going down, plant operators and others can remotely dial in to see how machinery is performing.

    “For all of those reasons — and I could keep adding more layers of explanation — the government has seen fit to propose to the parliament that the current regime known as the Security of Critical Infrastructure Act be significantly overhauled to add additional layers of mitigation,” he said. “Should the Parliament see fit to pass this legislation — and, hopefully, as the government has proposed, by 30 June — we can enliven these obligations from 1 July.”

    Failing to pass the legislation, Pezzullo said, would see Australia left “perilous”.

    As part of the 2021-22 Budget, the government earmarked AU$42.4 million over two years to improve security arrangements for critical infrastructure assets, including those designated as systems of national significance, in accordance with the yet-to-be-passed Bill, and to assist critical infrastructure owners and operators to respond to significant cyber attacks. Pezzullo said the bulk of the money is for staffing. “There’s also some infrastructure mapping software and tools that we’re looking to put in place to understand the interdependencies of infrastructure,” he added. “It’s to assist us in designing what are called the rules under the legislation.”

    Department representatives later confirmed the funding would be spread across three components: staffing expenses, supply costs, and capital. Staffing costs represent AU$21.4 million of the AU$42.4 million, covering 59 staff in 2021-22 and 83 in 2022-23. Supply costs are flagged as AU$14.9 million in 2021-22 and AU$6.1 million in 2022-23. Meanwhile, AU$1.1 million in 2021-22 and AU$1 million in 2022-23 are classed as “capital”, in particular for an investment in the current regulatory management system to expand its capability and scope.

    Mandatory ransomware reporting under consideration

    Pezzullo was asked if the government has considered the merits of a mandatory reporting requirement for any sort of cyber extortion or ransomware. “It’s currently considering that matter, as an extension of the cybersecurity strategy that was released last year … there was a specific commitment to put in place a national strategy to combat cybercrime, as an element of that,” Pezzullo said, pointing to the lacklustre Commonwealth cybersecurity strategy released in August.

    “Obviously, that work was well advanced. We’ve had a change of minister since that time. I have flagged with the minister that that will be one of the issues. I haven’t yet given her advice on that question. It is something on which I wish to consult with the Director-General of the Australian Signals Directorate, given the close working partnership that we necessarily need to have.”

    Pezzullo said he was also in the process of consulting with law enforcement and other colleagues due to the need to “balance the burden of reporting and the efficacy of reporting as against the value of that reporting”. “My inclination — I will not state it as an opinion — is that it’s likely that a regime of that character will be proposed, but there’s still some stakeholder engagement to undertake,” he said. “I don’t want to presume or preempt government policy. I think most advanced economies are at a point where, through some means, whether it’s mandatory reporting combined with the sorts of other measures that I’ve already described, a much more active defence posture will be required, simply because of the prevalence of the attacks, which I can state in those general terms.”

    Too much independence with government cloud use

    Elsewhere on Monday, Pezzullo declared there is too much “independence” when it comes to the use of cloud services across the government. Each government entity, in effect, contracts out its own cloud services, though in accordance with the Information Security Manual, the Secure Cloud Strategy, and the Data Hosting Strategy.

    “This is too much independence,” Pezzullo said. “The government has recently moved in that direction. So Minister Robert, who retains responsibility for digital services, has directed, through the promulgation of a data hosting policy framework and strategy, that departments are to consolidate their data hosting arrangements.”

    Internally, Michael Milford, group manager of technology and major capability within Home Affairs, said the department doesn’t have a heavy cloud presence “yet”. “Unlike most departments, we haven’t historically been a cloud department, but we do have a number of cloud services, primarily with a few of the systems we have been putting in place recently,” he said. “I don’t have the exact data on each of those, but there is Microsoft Azure Cloud, and others. We do have a number, generally speaking, in scale they are small. We clearly get DTA’s guidance on those that are appropriate.”

    It is currently a requirement to have data stored in Australia, but historically that hasn’t always been the case. “We are in transition,” Milford said when asked where Home Affairs’ data was located. “We are moving the data, or attempting to ensure that the data is 100% verified as being in Australia.”


    This weird memory chip vulnerability is even worse than we realised

    Google has detailed its work discovering a new Rowhammer vulnerability dubbed “Half-Double”, which evolves the style of attack on DRAM memory first reported in 2014 and suggests the Rowhammer problem won’t go away soon. 


    The Rowhammer attack is unusual because it aims to cause “bit flips” by rapidly and repeatedly accessing data in one memory row on a RAM chip, creating an electrical disturbance that changes data stored at addresses in an adjacent “memory row” on the chip. The attacking memory rows are called “aggressors” and the rows where bit flips occur are called “victim rows”.

    In the years since the first Rowhammer attack was discovered, researchers have demonstrated numerous ways to use the technique to alter data stored on RAM modules, including the DDR3 and DDR4 generations. While initially limited to scenarios where an attacker had physical access to the target, researchers eventually showed a Rowhammer attack could be carried out remotely over the web, and used the technique to gain control of Linux VMs in the cloud.

    As Google Project Zero (GPZ) researchers explained in 2015, Rowhammer attacks work because DRAM cells are gradually becoming smaller and closer together. Miniaturization and the ability to pack in more memory capacity have made it harder to prevent DRAM cells from interacting electrically with each other. “Accessing one location in memory can disturb neighboring locations, causing charge to leak into or out of neighboring cells. With enough accesses, this can change a cell’s value from 1 to 0 or vice versa,” GPZ researchers explained of bit flips.

    Half-Double, which Google details in a PDF on GitHub, “capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory,” Google researchers explain in a new blog post.

    The style of attack is comparable to the speculative execution attacks on CPUs (Spectre and Meltdown), but instead targets design vulnerabilities in DRAM. The consequences can be pretty nasty if an attacker successfully exploits these design issues. “As an electrical coupling phenomenon within the silicon itself, Rowhammer allows the potential bypass of hardware and software memory protection policies. This can allow untrusted code to break out of its sandbox and take full control of the system,” write Google’s research team, which includes Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu and Mattias Nissler. Kim, now a software engineer at Google, was one of the researchers who reported the first Rowhammer vulnerability.

    Half-Double expands the original Rowhammer attack, which could cause bit flips at a distance of one DRAM row. Half-Double shows that aggressor rows can cause bit flips in more distant victim rows. “With Half-Double, we have observed Rowhammer effects propagating to rows beyond adjacent neighbors, albeit at a reduced strength,” the team notes. “Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B. Based on our experiments, accesses to B have a non-linear gating effect, in which they appear to ‘transport’ the Rowhammer effect of A onto C.”

    Half-Double is interesting because it’s a property of the underlying silicon substrate, and it suggests that the increasing density of cells means Rowhammer vulnerabilities will live on. The researchers add that Half-Double also differs from the TRRespass attack on DDR4 RAM detailed in 2020, which relied on reverse engineering to undermine some of the Rowhammer mitigations that DRAM vendors had implemented in DDR4.

    “This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable,” the researchers note. Google has additionally been working with the semiconductor engineering trade organization JEDEC to search for mitigations to Rowhammer.


    Ransomware: Dramatic increase in attacks is causing harm on a significant scale

    A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK’s National Crime Agency (NCA) has warned.

    The NCA’s annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cyber crime has increased over the last year, with more severe and high-profile attacks against victims. Ransomware attacks in particular have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes “causing harm to our citizens and communities on a significant scale,” warns the report.

    One of the things that has made ransomware much more dangerous is the increase in attacks that don’t just encrypt networks and demand a ransom paid in Bitcoin or other cryptocurrency in exchange for decryption, but also see cyber criminals steal sensitive information from the victim organisation, which the crooks threaten to publish if their extortion demands aren’t met, potentially putting employees and members of the public at risk of additional fraud. According to the NCA report, over half of ransomware attacks now deploy this double-extortion technique.

    In addition, ransom demands are rising, often reaching millions of pounds, and the increased severity of attacks is reflected in the impact on businesses and other organisations, which aren’t able to provide public services after falling victim to ransomware.

    The paper details the ransomware attack against Redcar and Cleveland Borough Council in February 2020 as an example of how cyber crime can have consequences for society. As a result of the ransomware attack, the local authority was briefly unable to deliver frontline services, including functions around vulnerable children and adult care. The attack encrypted data relating to school admissions, delaying the placement process for students. The NCA worked with the National Cyber Security Centre (NCSC), law enforcement and local authorities to help restore services.

    Since then, the cyber threat has increased as criminals have exploited the Covid-19 pandemic and the rise of remote working as a means of gaining access to networks, via phishing attacks or by breaching cloud services, Remote Desktop Protocol services and VPNs. “The increase in home working has increased risks to individuals and businesses,” says the report. Universities and schools have become regular targets for ransomware attacks, while organisations including the Scottish Environment Protection Agency (SEPA) and UK Research and Innovation (UKRI) have become high-profile UK victims of ransomware this year.

    But despite the increasing threat of ransomware and the scale of the damage that can be done, it’s possible to take steps to avoid falling victim to it in the first place. The NCA recommends organisations keep software up to date by applying patches, to prevent cyber criminals from exploiting known vulnerabilities to gain access to the network. Organisations should also ensure that staff use strong, unique passwords to prevent accounts being breached in brute-force attacks, and that two-factor authentication is applied where possible to provide an extra barrier to cyber criminals should they successfully crack an account. It’s also recommended that organisations back up important data to an external hard drive or to cloud-based storage, so that if the worst happens and they are hit by a ransomware attack, data can be recovered without paying cyber criminals for the decryption key.


    Bluetooth bugs open the door for attackers to impersonate devices

    Threat actors could exploit vulnerabilities in the Bluetooth Core and Mesh specifications to impersonate devices during pairing, paving the way to man-in-the-middle (MITM) attacks. 

    The vulnerabilities, found by researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) and disclosed on Monday, allow for “impersonation attacks and AuthValue disclosures”, according to a Carnegie Mellon University CERT Coordination Center advisory. Bluetooth Core and Mesh are separate specifications covering, respectively, low-energy and Internet of Things (IoT) devices and many-to-many (m:m) device communication for large-scale networks.

    The vulnerabilities are as follows:

    CVE-2020-26558: A vulnerability in the Passkey Entry protocol, used during Secure Simple Pairing (SSP), Secure Connections (SC), and LE Secure Connections (LESC) in Bluetooth Core (v2.1 – 5.2). Crafted responses could be sent during pairing by an attacker to determine each bit of the randomly generated Passkey, leading to impersonation.

    CVE-2020-26555: Another vulnerability in Bluetooth Core (v1.0B through 5.2): the BR/EDR PIN Pairing procedure can also be abused for the purposes of impersonation. Attackers could spoof the Bluetooth device address of a target device, reflect encrypted nonces, and complete BR/EDR pin-code pairing without knowing the pin code. This attack requires a malicious device to be in wireless range.

    CVE-2020-26560: Impacting Bluetooth Mesh (v1.0, 1.0.1), this vulnerability could allow attackers to spoof devices being provisioned via crafted responses created to appear to possess an AuthValue. This may give them access to a valid NetKey and AppKey. An attacker’s device needs to be in wireless range of a Mesh Provisioner.

    CVE-2020-26557: Affecting Bluetooth Mesh (v1.0, 1.0.1), the Mesh Provisioning protocol could allow attackers to perform a brute-force attack and obtain a fixed AuthValue, or one that is “selected predictably or with low entropy,” leading to MITM attacks on future provisioning attempts.

    CVE-2020-26556: If the AuthValue can be identified during provisioning, the Bluetooth Mesh authentication protocol (v1.0, 1.0.1) is vulnerable and may be abused to obtain a NetKey. However, the researchers note that attackers must identify the AuthValue before a session timeout.

    CVE-2020-26559: The Mesh Provisioning procedure used by Bluetooth Mesh (v1.0, 1.0.1) allows attackers that take part in provisioning, but have no access to the AuthValue, to identify the AuthValue without the need for a brute-force attack. “Even when a randomly generated AuthValue with a full 128-bits of entropy is used, an attacker acquiring the provisioner’s public key, provisioning confirmation value, and provisioning random value, and providing its public key for use in the provisioning procedure, will be able to compute the AuthValue directly,” the advisory reads.

    The researchers also identified a potential vulnerability in Bluetooth Core relating to LE Legacy Pairing in versions 4.0 to 5.2, which could allow an attacker-controlled device to perform pairing without knowledge of temporary keys (TK).

    The Android Open Source Project, Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are cited as vendors with software vulnerable to the disclosed vulnerabilities in some form or another. The Android Open Source Project said, “Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin.” Cisco said: “Cisco has investigated the impact of the aforementioned Bluetooth Specification vulnerabilities and is currently waiting for all the individual product development teams to provide software fixes to address them.” Microchip Technology is also working on patches. Red Hat, Cradlepoint, and Intel did not issue statements to the team ahead of public disclosure.

    The Bluetooth Special Interest Group (SIG), which works on the development of global Bluetooth standards, has also published separate security advisories. To mitigate the risk of exploitation, updates from operating system vendors should be applied once they are made available.

    The research follows a separate Bluetooth-related security issue disclosed in September 2020 by Purdue University academics. Dubbed the Bluetooth Low Energy Spoofing Attack (BLESA), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol, a system used when limited battery power is available. ZDNet has reached out to Red Hat, Cradlepoint, and Intel and will update when we hear back.