“The security design of these applications could benefit from several improvements to guard against rogue local apps,” Stella said.For example, adding mutual TLS authentication using per-session certificates could help to prevent some of the described attacks, Stella notes, given the certificates are generated and exchanged via BLE before the P2P network is created and are not renegotiated after the initial connection. The applications must also avoid unencrypted and unauthenticated traffic.
“This would still not guarantee the stability of the services (i.e. if any DoS is found) but could be effective against rogue applications’ attacks trying to crash the service,” he says. P2P WiFi file transfer has existed for 10 years, but device manufacturers have not yet managed to consolidate their solutions and insist on their own proprietary applications, which makes it difficult to secure them.
“While the core technology has always been there, what can you do with a computer science degree still struggle to defend their own P2P sharing flavors,” Stella writes, adding other mobile file transfer solutions might also be vulnerable to attacks he has found. Depending on the nature of the company or organization you’re employed in, you may be expected to troubleshoot networks for clients or handle front-end network issues. This involves excellent communication skills, the ability to explain technical issues to non-technical individuals, and the ability to understand and build a relationship with the clients you work with.
No comments:
Post a Comment