ABSTRACT

Post Oak Bluetooth Traffic Systems Insufficient Entropy Vulnerability

"This advisory provides mitigation details for a vulnerability that impacts Post Oak Traffic AWAM [Anonymous Wireless Address Matching] Bluetooth Reader Systems. An independent research group composed of Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman identified an insufficient entropy vulnerability in authentication key generation in Post Oak's AWAM Bluetooth Reader Traffic System. By impersonating the device, an attacker can obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack. Post Oak has validated the vulnerability and produced an updated firmware version that mitigates the vulnerability. According to Post Oak, products are deployed in the transportation sector, mainly in the United States. This vulnerability can be exploited remotely."

Report Number:
Industrial Control Systems Cyber Emergency Response Team Advisory, ICSA-12-335-01
Publisher:
Date:
2012-11-30
Copyright:
Public Domain
Retrieved From:
United States Computer Emergency Readiness Team: http://www.us-cert.gov/
Format:
pdf
Media Type:
application/pdf
URL: