Monday, 25 September 2017

BlueBorne threatens nearly every connected device with Bluetooth-based attacks

13 September 2017

What makes BlueBorne so risky is that it does not require any interaction with a device's user.

The researchers state Windows Vista and later devices are affected by BlueBorne.

"The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use", the researchers write in the blog post.

Understandably, you want to know what's going on in terms of trying to stop the spread of BlueBorne around the world.

"Previously identified flaws found in Bluetooth were primarily at the protocol level", Armis claimed.


Given that some of these flaws have been present in Bluetooth for a decade, Izrael said, "We do fear that in some sense these vulnerabilities might have been found before by some actors and used".

Some notable devices that are vulnerable include the Google Pixel, the Samsung Galaxy and Galaxy Tab series, and the LG Watch Sport.

Armis, which has a commercial stake in the IoT security space, warned that the attack vector can be exploited silently. "Unfortunately in these cases, many connected devices don't allow for patch management and become easy targets", he added. Once he enters the bank, his device infects others and grants attackers a foothold on a previously secured network. The researchers reported the vulnerabilities to Google, Microsoft, and Apple in April and to Linux maintainers in August.

How can I protect my device from BlueBorne? Of note, Armis' research has found that Bluetooth just has to be turned on for an attack to be successful. The researchers found information disclosure and code execution flaws in Linux; one vulnerability that allows MitM attacks in Windows (CVE-2017-8628); four code execution, MitM and information disclosure vulnerabilities in Android (CVE-2017-0781, CVE-2017-0782, CVE-2017-0783 and CVE-2017-0785); and one code execution flaw in the Bluetooth Low Energy Audio protocol used by iOS.

Of the 2 billion devices using Android, about 180 million are running on versions that will not be patched, according to Armis. But updates might not be as frequent for single-purpose smart devices like your smart refrigerator or a connected television.


While there is no mention of Android Oreo, Google has issued security patches for Android Nougat and Marshmallow as a part of the September Security Bulletin.

Microsoft said that its Windows phones were not impacted by the attack vector. Microsoft is expected to release patches later today. Almost all vulnerabilities found since were of low severity, and did not allow remote code execution. Samsung's Tizen OS, based on Linux, is also affected.

"I hope our efforts with BlueBorne help other researchers examining Bluetooth implementations see what potential issues need to be looked at", Seri said.

More than 8.2 billion Bluetooth devices are now in use, they noted.

Typical of most proof-of-concept exploits, the BlueBorne attacks demonstrated in the videos are relatively simple.


"The complications in the specifications translate into multiple pitfall junctions in the various implementations of the Bluetooth standard", the company says in a paper [PDF] describing a set of flaws referred to as BlueBorne. Bluetooth worms have existed in the past and have caused many problems, especially for mobile carriers.
