Thursday, 23 November 2017
Latest news
Main » Bluetooth Vulnerability, BlueBorne Impacts Android, iOS, Windows, and Linux Devices

Bluetooth Vulnerability, BlueBorne Impacts Android, iOS, Windows, and Linux Devices

13 September 2017

A set of previously unknown security vulnerabilities in Bluetooth technology reportedly left billions of devices at risk of hacking, a team of internet-of-things (IoT) researchers has said.

"Armis, the enterprise IoT security company, today announced the discovery of a set of zero-day Bluetooth-related vulnerabilities affecting billions of devices in use today dubbed, "BlueBorne". Armis Labs explained that through improper validation, BlueBorne is able to manipulate Bluetooth's tethering feature to share and data and is able to spread data. The attack follows how WannaCry ransomware spread earlier this year using NSA's EternalBlue vulnerability.

This attack would not require people to click on links, download malicious files, or "pair" devices to work; it would merely require people to have Bluetooth enabled.

David Dufour, senior director of security architecture at security firm Webroot, told iTWire: "BlueBorne is another example of how simple it is for hackers to quickly scan for, and then exploit, open Bluetooth devices". Armis reported the vulnerabilities to Google, Microsoft, and the Linux community. They held off on publishing their work in order to coordinate disclosure with the affected companies.

5 areas left under signal no. 1 as Maring exits land
Parayno said responding workers were able to rescue 12 persons, who were brought to a hospital where the boy died upon arrival. The number coding scheme for vehicles has been suspended in Metro Manila, the Metropolitan Manila Development Authority said.

Surprisingly, the majority of Linux devices on the market today don't use address space layout randomization or similar protections to lessen the damage of BlueBorne's underlying buffer overflow exploit, Armis Head of Research Ben Seri said.

It said that its Windows phones were not impacted by the attack vector. The Armis researchers, however, said they believe there are likely many more overlooked critical bugs that remain to be found.

Get Data Sheet, Fortune's technology newsletter. Google's Android, however, is spread across so much hardware that the onus to update falls on third-party manufacturers, who might not patch out the vulnerability in time. Google passed the patch onto partners in early August which means Nexus and Pixel devices with the latest updates are safe, but others will have to wait on OEMs to push the update.

The BlueBorne attack vector has several stages. Windows machines also received a patch in July that protects them from the Bluetooth-based attacks.

Military action against Pyongyang not inevitable
So has Malaysia's fear that it, too, could face criticism, particularly after North Korea's latest nuclear weapons test on Sunday. The North Korean regime has also been improving its rocket technology and wants to be able to reach the US.

The eight vulnerabilities include a Linux kernel RCE vulnerability (CVE-2017-1000251), Linux Bluetooth stack (BlueZ) information Leak vulnerability (CVE-2017-1000250), Android information Leak vulnerability (CVE-2017-0785), Android Remote Code Execution vulnerabilities (CVE-2017-0781 and CVE-2017-0782), The Bluetooth Pineapple in Android - Logical Flaw (CVE-2017-0783) and Bluetooth Pineapple in Windows - Logical Flaw (CVE-2017-8628).

"Bluetooth is complicated. Too complicated", the researchers write in their whitepaper discussing the attacks.

"These silent attacks are invisible to traditional security controls and procedures". Armis' 40-person team is headquartered in Palo Alto, Calif. and Tel Aviv, and has raised $17 million in venture capital from investors such as Sequoia Capital and Tenaya Capital.

Over the past decade, Bluetooth has become nearly the default way for billions of devices to exchange data over short distances, allowing PCs and tablets to transfer audio to speakers and phones to zap pictures to nearby computers.

Jimmy Kimmel Talks to Kristen Bell in Orlando After Hurricane Irma
Josh Gad is publicly thanking his Frozen co-star Kristen Bell for taking his "entire family" out of the path of Hurricane Irma's destruction.

Connect to the target device in an undetected manner, then remotely execute code on that device. It's generally a wise practice to keep the software on your devices up to date.

Bluetooth Vulnerability, BlueBorne Impacts Android, iOS, Windows, and Linux Devices