Warning over 'BlueBorne' Bluetooth attack vector

13 September, 2017, 07:19 | Author: Patsy Dennis
  • BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices

Ben Seri, one of Armis' researchers, used the vulnerabilities to connect to the Pixel without any input from the device. The result: BlueBorne can carry out remote code-execution attacks on both OSes that are stealthy as well as reliable.

"We have released security updates for these issues, and will continue working with other affected platforms across the industry to develop protections that help keep users safe", says Aaron Stein, a Google spokesperson.

The group that oversees Bluetooth technology, called the Bluetooth Special Interest Group, estimates that there are more than 8 billion Bluetooth devices on the market today.

BlueBorne vulnerabilities are tracked under the following identifiers: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices; CVE-2017-1000251 and CVE-2017-1000250 for Linux; and CVE-2017-8628 on Windows. Google, meanwhile, provided device manufacturers with a patch last month.


Users who aren't expecting a patch for the BlueBorne attack on their devices (such as owners of older Android smartphones) would do best to disable Bluetooth and only enable it for a short time when needed, if at all.

A single infected device moving through a busy office past dozens of people with phones, tablets, or computers with Bluetooth switched on could cause a rapid infection across networks - leading to network infiltration, ransomware attacks, or data theft. That means attackers could use BlueBorne to bypass personal and corporate firewalls and exfiltrate sensitive data and possibly modify or otherwise tamper with it while it's in transit.

BlueBorne-Android Take Over Demo.

The eight Bluetooth-related vulnerabilities affect an estimated 5.3 billion Android, iOS, Linux, and Windows devices, according to Izrael. The researchers consider three of the flaws to be critical.


Linux devices running BlueZ are affected by the information leak flaw, and those from version 3.3-rc1, released in October 2011, are affected by the remote code execution flaw.

The researchers said they expect Linux, which is an open source project managed by a community of volunteers, to release a fix soon. While the underlying vulnerability exists in some form across most Android and Linux devices, the specific exploit varies from system to system, making it hard to write a single virus that would be able to target every vulnerable device.

Typical of most proof-of-concept exploits, the BlueBorne attacks demonstrated in the videos are relatively simple. Other devices running older versions of Android and Linux could be vulnerable.

The vulnerabilities reported by Armis now reinforce the wisdom of that advice. When patches are available, consumers should update their devices to the latest available operating systems in order to protect themselves from the attacks.

He also downplayed the likelihood of active BlueBorne attacks, noting that there's no indication either of the Broadcom chip vulnerabilities has ever been exploited in the wild.

"This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering)."

Once he enters the bank, his device infects others and grants attackers a foothold on a previously secured network. What's more: "An attacker that would want to weaponize these exploits could achieve generic exploits with very little work."
