New Bluetooth Vulnerability Appears, It's Called BlueBorne

The "BlueBorne" flaws would allow a virus to leap from device to device, regardless of the operating system being used. The only precondition is that Bluetooth is turned on; the hacker can then easily connect to the device, take control, and spread malware, all without the user ever knowing that the device is compromised.

Check Armis' page on the exploit along with the respective white paper (PDF) explaining BlueBorne in detail.

There are currently around 8.2 billion Bluetooth-enabled devices in the world, meaning 8.2 billion potential access points for BlueBorne. Armis told numerous affected tech companies about the flaws well before informing the public (an approach known in the industry as responsible disclosure), so they've had a chance to push out patches.

"This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering)".

Based on a proof-of-concept, the security gaps - which have been dubbed "BlueBorne" - could be used by hackers to spread malware or intercept data. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices.

The vulnerabilities are not located in the Bluetooth protocol itself, but in the individual Bluetooth implementations - or stacks - that are present in Android, Windows, Linux and iOS.

Google and Microsoft both subsequently released updates by the beginning of September 2017 for their affected devices, which included all Android phones of every version and every Windows computer since Windows Vista.

Ars Technica reported that the time to exploit a device was "no more than 10 seconds" and that it would theoretically work even if a device was already paired with another.

Meanwhile, iOS devices running iOS 9.3.5 or lower and AppleTV on 7.2.2 or lower are open to the attack.

Apple (aapl) fans will be delighted to hear that the current versions of its software are not vulnerable. Those devices will remain vulnerable to these Bluetooth attacks indefinitely.

Up until now, Bluetooth has been notable for the dearth of critical vulnerabilities found in the specification or in its many implementations, with Armis being aware of only one code-execution flaw, in Windows, one that Microsoft fixed in 2011.

"These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date and can enable a complete takeover of the target device", experts asserted. "It doesn't require the user to make a mistake, or have a device in a discoverable mode". Linux devices released since October 2011 (3.3-rc1) are affected by the remote code execution bug (CVE-2017-1000251). Microsoft even put out a patch for this issue back in July, so Windows is also protected as of now. "Unfortunately in these cases, many connected devices don't allow for patch management and become easy targets", he added.

Microsoft has begun sending out security patches to all Windows versions as of 10 a.m., September 12, and has made the details available online. As always, while a smartphone may receive security updates automatically, these connected devices are likely never to be updated by their manufacturer or owner. Also keep an eye out for patches applicable to any mobile devices and platforms you use.

Now, while we'll be the first to admit that this attack, christened BlueBorne, has a limited audience given the relatively short range, imagine the havoc it could wreak in a simple coffee shop. Turns that Bluetooth into a rotten black one.

© 2015 Chester Weekly. All Rights reserved.