Reversing and Attacking Google Nearby #2448
-
Hello, I came across an article about reversing and attacking Google Nearby. Scripts used to attack Google Nearby are 5 years old. Has the issue already been addressed? Is it still a problem?
Replies: 2 comments
-
The attacks in the paper relied on clients ignoring the authentication tokens provided by Nearby Connections and blindly connecting to devices. To avoid man-in-the-middle attacks, it's important that both sides have an opportunity to verify the token (or to treat all data as unencrypted until the token is confirmed, if you accept first). It's been a while since I read the paper, so I'll take some time to do a refresher to make sure I didn't miss anything.
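An added example, not part of the reply above and not Nearby Connections code: a small Python model of the "accept first, but treat data as untrusted until the token is confirmed" pattern the reply describes. The class name, state names, and 4-digit tokens are hypothetical and constructed for illustration.

```python
import hmac


class TokenGatedChannel:
    """Hypothetical wrapper: holds inbound payloads until the token is confirmed."""

    def __init__(self, local_token, deliver):
        self._token = local_token   # token this side shows to its user
        self._deliver = deliver     # app callback, only for trusted payloads
        self._pending = []          # received before confirmation: untrusted
        self.state = "UNVERIFIED"

    def on_payload(self, data):
        if self.state == "VERIFIED":
            self._deliver(data)
        elif self.state == "UNVERIFIED":
            self._pending.append(data)  # quarantine, do not act on it yet
        # REJECTED: drop everything

    def confirm_token(self, peer_token):
        """Call with the token read out-of-band from the other device."""
        if self.state != "UNVERIFIED":
            return self.state == "VERIFIED"
        # Constant-time comparison of the two displayed tokens.
        if hmac.compare_digest(self._token.encode(), peer_token.encode()):
            self.state = "VERIFIED"
            for data in self._pending:
                self._deliver(data)     # release what was held back
        else:
            self.state = "REJECTED"     # tokens differ: possible MITM
        self._pending.clear()
        return self.state == "VERIFIED"


def demo(local_token, peer_token):
    """Constructed scenario: one payload before confirmation, one after."""
    delivered = []
    ch = TokenGatedChannel(local_token, delivered.append)
    ch.on_payload(b"early")
    held = list(delivered)              # snapshot before confirmation
    ok = ch.confirm_token(peer_token)
    ch.on_payload(b"late")
    return held, ok, delivered


if __name__ == "__main__":
    print(demo("4821", "4821"))  # tokens match on both devices
    print(demo("4821", "7390"))  # tokens differ, as with an interposed relay
```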
-
@maciejkrolik Would there be interest in standardizing the protocol? For example through an IETF RFC. This would possibly: