Latest news with #BLE
National Post
8 hours ago
- Business
- National Post
Quectel Unveils High-Performance KCMA32S Zigbee & BLE Module for Smart Lighting, Building and Home Networks
Article content BELGRADE, Serbia — Quectel Wireless Solutions, a global IoT solutions provider, has announced the launch of its latest high-performance MCU Zigbee and BLE module, the KCMA32S. This innovative module is designed to meet the growing demands of IoT applications, featuring advanced connectivity options and a compact form factor. Article content This module brings together robust multi-protocol connectivity, advanced security features, and a compact form factor, empowering developers to create smarter, more scalable IoT devices Article content Powered by Silicon Labs' ultra-low-power EFR32MG21 wireless SoC, the KCMA32S module supports Zigbee 3.0 and BLE 5.3, enabling multi-protocol coexistence for enhanced communication capabilities. It is powered by an ARM Cortex-M33 processor with a frequency of up to 80 MHz, ensuring efficient performance for a wide range of applications. The module offers flexible memory configurations to suit various applications, with options of 64 KB RAM and 768 KB flash memory, or 96 KB SRAM and 1024 KB flash memory, providing ample resources for developers to create robust solutions. Article content A key feature of the KCMA32S is its support for Zigbee/BLE mesh networking, which increases network scalability and node counts with mesh topology. This capability is particularly suitable for devices that enable many-to-many communications, such as smart lighting, smart buildings, and smart home wireless networks. Additionally, the module offers an enhanced security option, Secure Vault, which provides a higher level of IoT security. Article content 'With the launch of the KCMA32S, we're expanding the possibilities for compact, high-performance IoT solutions,' commented Delbert Sun, Vice General Manager, Product Division, Quectel Wireless Solutions. 'This module brings together robust multi-protocol connectivity, advanced security features, and a compact form factor, empowering developers to create smarter, more scalable IoT devices across industries like smart lighting, building automation, and consumer electronics.' Article content With its ultra-compact size of 20.0 mm × 12.0 mm × 2.2 mm, the KCMA32S is designed in a LCC + LGA form factor, optimizing both size and cost for end-products. This versatility allows for compatibility with diverse designs, making it an ideal choice for various IoT applications. Article content The KCMA32S supports up to 20 GPIOs, which can be multiplexed for various interfaces, including I2C, UART, SPI, and I2S, in the QuecOpen SDK solution. It also boasts superior sensitivity of -104 dBm and a transmit power of up to +20 dBm, providing flexibility and versatility for a range of applications. Article content Key features of the KCMA32S include: Article content The KCMA32S module is set to revolutionize the way developers approach IoT solutions, providing a powerful, compact, and secure option for a variety of applications. Article content About Quectel Article content Quectel's passion for a smarter world drives us to accelerate IoT innovation. A highly customer-centric organization, we are a global IoT solutions provider backed by outstanding support and services. Our growing global team of 5,800+ professionals sets the pace for innovation in cellular, GNSS, satellite and Wi-Fi and Bluetooth modules as well as antennas and services. Article content With regional offices and support across the globe, our international leadership is devoted to advancing IoT and helping build a smarter world. Article content Article content Article content
Mint
08-07-2025
- Mint
Jack Dorsey quietly dropped a game-changing chat app and it's already full: All about it
Tech entrepreneur Jack Dorsey has announced a new decentralised messaging application called Bitchat, designed to operate without the internet and without requiring personal information. Bitchat, described by Dorsey as a 'weekend project', enables peer-to-peer messaging through Bluetooth Low Energy (BLE) mesh networks, allowing users to communicate within a range of over 300 metres, even in the absence of cellular or Wi-Fi connectivity. The app is currently available in beta via Apple's TestFlight, although early access slots were filled shortly after the announcement. According to a whitepaper published on GitHub, Bitchat allows for direct device-to-device messaging, where each phone simultaneously acts as both sender and receiver. This system supports multi-hop message transfers, meaning a message can pass through several nearby devices to reach its destination, further extending its operational range. Crucially, the app does not require a phone number, email, or any form of account to function. This, paired with its decentralised infrastructure, which is free of servers or central control and makes Bitchat highly resilient to censorship and network disruptions. Messages are stored ephemerally in device memory, with automatic caching in place if a recipient is temporarily unreachable. Messages are then delivered when the recipient reconnects to the mesh network. The platform features a tiered message retention system. Standard messages are automatically deleted after 12 hours, whereas messages marked as 'favourites' are preserved indefinitely. For security, Bitchat uses end-to-end encryption, combining the Curve25519 elliptic curve with the AES-GCM encryption algorithm for a layered approach to data protection. Functionality-wise, Bitchat offers familiar tools such as mentions to tag users and topic-based rooms, akin to channels on platforms like Discord. Rooms can also be secured with passwords for added privacy. Dorsey highlighted the app's unique position in the current messaging ecosystem, noting that its infrastructure-free design and lack of identifying requirements offer an alternative to surveillance-prone and centralised platforms.
Tom's Guide
30-06-2025
- Tom's Guide
Major security flaw exposes Sony, JBL and Bose headphones to hijacking threat — how to stay safe
Researchers have discovered a security flaw in Bluetooth headphones and earbuds from Sony, JBL and more, allowing attackers to hijack audio devices, eavesdrop and steal phone numbers and contact information. Cybersecurity firm ERNW identified vulnerabilities in audio products using a Bluetooth System on a Chip (SoC) from manufacturer and supplier Airoha, allowing threat actors to manipulate devices without needing to pair with them. This SoC is used among many popular brands, with affected devices confirmed to include the Sony WH-1000XM6, Link Buds S, Jabra Elite 8 Active, Bose QuietComfort Earbuds and more. As noted in the report, the vulnerabilities allow cybercriminals to hijack headphones over Bluetooth, with BLE GATT services and BD/EDR (a.k.a. Bluetooth Classic) missing authentication and leaving these devices open to be taken over without any need for pairing or authentication. "The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition," ERNW reports. "It is possible to read and write the device's RAM and flash. These capabilities also allow attackers to hijack established trust relationships with other devices, such as the phone paired to the headphones." The security flaws can lead to threat actors knowing what is currently playing on devices via RAM reading commands, eavesdropping on conversations when the Bluetooth Classic vulnerability is exploited and being able to see a connected device's phone number and incoming calls. It's important to note that these vulnerabilities can only be exploited if an attacker is within Bluetooth range of a device (around 10 meters), and requires several steps to achieve hijacking without being noticed — with ERNW noting that it would take a "high technical skill set." Get instant access to breaking news, the hottest reviews, great deals and helpful tips. So, while it's possible for cybercriminals to take advantage of these flaws in headphones or earbuds using Airoha Bluetooth SoCs (especially if they're wireless), they would need to be in close range. While many audio products, including headphones, earbuds, speakers and wireless microphones, are known to use Airoha's Bluetooth chip, the cybersecurity firm has confirmed a list of devices that are affected. Here's a look at the devices that are exposed to the vulnerability: However, it's expected that many more audio devices with the SoC are also exposed to the security flaw, but it's virtually impossible to test them all with the amount out there. ERNW states that "some vendors are not even aware that they are using an Airoha SoC," due to parts like the Bluetooth chip being outsourced for development. Since these headphones, earbuds and more are from popular brands, including the latest Sony WH-1000XM6, it's likely that many people are at risk of the vulnerability. While many of the best headphones and best wireless earbuds are affected, an attack that exploits these security flaws would only take place if a cybercriminal is in range. So, as with any Bluetooth attack, it's a good idea to be cautious when in public spaces, such as public transport, cafés and more. The only real way to stay safe from these types of attacks is to disable Bluetooth, which isn't ideal for wireless headphones and earbuds. Of course, it's also best to use wired options that don't require Bluetooth, such as the Sennheiser IE 200 wired earbuds. As this leaves many audio products open to attack, Airoha has now fixed the vulnerabilities in a Software Development Kit (SDK). A new version with the fixes has been sent to manufacturers as of the first week of June, meaning brands such as Sony, JBL, Marshall and others should have a firmware update available with the fixes so users can update their devices with the latest patch. Currently, ERNW isn't aware of any fixed firmware releases, but as soon as one is available, users with affected devices should update their headphones, earbuds and more to make sure they aren't at risk. To keep yourself safe from any online threats that these security vulnerabilities may exploit, it's best to use the best antivirus software and best password managers, too.
Arabian Post
25-06-2025
- Arabian Post
Realtek Bluetooth SDK Flaws Expose Weakness in Device Pairing
A newly disclosed series of vulnerabilities in Realtek's Bluetooth Low Energy implementation jeopardises the stability and security of connected devices, with one issue rated medium and another deemed high severity. The exposed flaws, affecting the RTL8762E BLE SDK version 1.4.0 and its EKF‑EVB derivative, allow attackers to trigger denial‑of‑service conditions during the pairing process by injecting crafted packets at precise stages. The first flaw, identified as CVE‑2024‑48290, emerges from inadequate validation in the BLE protocol's termination routine. An attacker positioned within Bluetooth range can send a maliciously formed llterminateind packet, causing the target device's Bluetooth stack to crash and interrupt communications. Assigned a CVSS 3.1 base score of 4.3, the vulnerability affects devices using Realtek's standard RTL8762E BLE SDK v1.4.0. It requires no privileged access or user interaction, making it easily exploitable over adjacent networks. A second, more severe vulnerability—CVE‑2025‑44531—was added to the National Vulnerability Database on 24 June 2025. This flaw occurs earlier in the pairing exchange, when a crafted payload is delivered before the public key is received. The Bluetooth stack fails to manage the premature input, resulting in uncontrolled resource consumption and forcing a system crash. With a CVSS 3.1 score of 7.5, this vulnerability poses a high risk by enabling attackers with zero privileges and only network proximity to disrupt device functionality. ADVERTISEMENT Both issues affect the same SDK version and stem from fundamental flaws in protocol resilience. The latter vulnerability, categorized under CWE‑400, highlights a broader weakness in resource management during handshake procedures. Security analysts warn that the practical impact of these flaws depends on device deployment. The RTL8762E chip is used extensively in IoT devices such as fitness trackers, smart locks, wireless earbuds, and automation hubs. Disruption of Bluetooth services in such devices can compromise availability and user trust, particularly in environments where Bluetooth is integral to operation or security. Realtek has reportedly issued patches on its official communication channels, though timelines and distribution mechanisms remain unclear due to the closed‑source nature of firmware updates. Enterprises integrating devices with the affected SDK are strongly advised to consult their vendors for firmware updates or consider disabling BLE pairing until mitigation is confirmed. Independent researchers have recommended several interim safeguards. These include enabling rate limiting during pairing, enforcing stringent validation of early‑stage packets, and monitoring for abnormal pairing attempts. However, only confirmed vendor patches can fully rectify protocol loopholes at source. The fact that both vulnerabilities resurface around the same SDK version amplifies concern over code audit practices. Bluetooth protocol stacks are notoriously complex, and previous studies—such as the BLURtooth and Secure Connections Only research—have underlined long‑standing industry challenges in robust implementation. Even established chip vendors have struggled to prevent pairing or transport‑layer manipulation. In the context of BLE's expanding role, particularly in the Internet of Things and proximity‑based systems, exploitation of such low‑level vulnerabilities could become a vector for broader disruption. A stabilised BLE stack is foundational to ensure not only connectivity but also higher‑layer security features that rely on pairing integrity. The coordinated disclosure of these vulnerabilities underscores the need for continued scrutiny of common embedded SDKs. It also emphasises the importance of rapid patching by device manufacturers—especially when source code control is limited or obfuscated. Organisations managing fleets of BLE‑enabled hardware are urged to audit device firmware, liaise with vendors, and monitor for updates. While no evidence currently indicates active wide‑scale exploitation of CVE‑2024‑48290 or CVE‑2025‑44531, the low complexity and zero‑interaction requirements mean that trending threat actors could weaponise them quickly. Consequently, the window for mitigation before operational disruption is narrowing. Ahead of final vendor fixes, network administrators and system integrators may consider segmenting BLE traffic, deploying anomaly detection systems to flag improbable pairing behaviour, and applying stricter access controls on wireless interfaces. Such steps can reduce exposure while awaiting comprehensive SDK updates.
Miami Herald
16-06-2025
- Automotive
- Miami Herald
Keyless Entry is a Car-Thief's Dream: Is Yours on the List?
Car thieves have gone high-tech. In 2025, the same keyless entry systems that make life convenient for drivers have become a goldmine for criminals. Armed with cheap relay devices and a bit of know-how, thieves can capture and amplify your fob's signal-even if it's inside your house-and drive away in seconds. Recent academic research confirms: remote keyless entry is now a main attack vector, and most automakers haven't kept up with the threat. Attacks like relay, replay, and even cryptanalytic hacks let criminals bypass security on everything from family sedans to luxury EVs. Relay Attacks: Thieves use radio amplifiers to trick your car into thinking the key is nearby-even if it's inside your Attackers block your unlock signal, record it, and use it later to open your Attacks: Hackers can clone keys by intercepting and analyzing the digital handshake between car and fob. The U.S. car theft landscape is dominated by models with weak immobilizer systems, especially older Hyundais and Kias, but modern keyless entry vulnerabilities-including those in Tesla and other brands-are a growing concern. Here are the US' 2024 Top 10 Most Stolen from keyless entry attacks. Tesla Model 3 and Model Y have been proven susceptible to Bluetooth Low Energy (BLE) relay attacks, allowing thieves to unlock and drive away in seconds if advanced security features (like PIN-to-drive) are not not among the top 10 most stolen cars by volume, Tesla's vulnerability is notable because the attack exploits the convenience of phone-as-key and BLE fobs, similar to attacks on other brands using BLE for entry/ This Tesla feature can thwart drive-away thefts, but it must be manually enabled by the owner. Hyundai and Kia (pre-2022/2023): Most vulnerable overall due to lack of immobilizers; relay and physical attacks are both pickups (Chevrolet Silverado, Ford F-150): Targeted for parts and theft, with keyless entry increasing risk in newer keyless models (Toyota Camry, Dodge Charger, Honda Accord/Civic): Newer trims with push-button start are susceptible to relay attacks, though immobilizers are generally and other BLE/NFC-based vehicles: Vulnerable to advanced relay attacks, especially if owners do not use additional security features. Despite years of warnings, most manufacturers have stuck with outdated cryptography and unidirectional signals. "Security by obscurity" (hoping hackers won't find the flaws) still rules, even as researchers and thieves race to outsmart each other. The result: a boom in thefts, and a booming business for aftermarket Faraday pouches that block radio signals-because your $60,000 SUV apparently needs a $10 shield the maker won't fork out for. Some researchers are pushing for smarter solutions: adaptive frequency-hopping, two-way authentication protocols, and dynamic cryptographic keys. These upgrades would make it much harder for thieves to intercept or spoof signals. But until automakers make these standard, your car's digital handshake is a handshake with risk. If your car unlocks with a wave or a ping, it's at risk. Until the industry catches up, use all available security features, and consider a Faraday pouch or steering lock. Convenience shouldn't mean handing your keys to a thief. Copyright 2025 The Arena Group, Inc. All Rights Reserved.
