A new Bluetooth exploit leaves billions of devices vulnerable

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices

The only requirement for a successful attack is that Bluetooth is enabled, which most people leave on at least on their phones, and often on their computers and laptops. The attack can also go completely unnoticed by the user.

"BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices," Armis said. It is a collection of eight exploits collectively called BlueBorne.

The other wildcard here: Linux-based devices. Smartphones and tablets manufactured by every major phone maker from Apple to Samsung as well as computers and other devices that are likely to house sensitive personal or business information are all Bluetooth-enabled.

"These silent attacks are invisible to traditional security controls and procedures", said Yevgeny Dibrov, the chief executive of Armis, in a statement. "This means a Bluetooth connection can be established without pairing the devices at all. Unfortunately in these cases, many connected devices don't allow for patch management and become easy targets", he added. Different devices are affected by different sets of vulnerabilities encapsulated by BlueBorne. The attack essentially takes advantage of how Bluetooth uses tethering to share data and is able to spread through "improper validation".

Samsung (ssnlf) fans will be less pleased to read this from Armis: "Contact on three separate occasions in April, May, and June". From there, it spreads to other vulnerable devices it detects.

Apple will not be pushing out an update, because the vulnerability affecting its Bluetooth implementation has already been mitigated in iOS 10 and users are encouraged to upgrade to it. Those presumptions are apparently flawed, and, thus, BlueBorne, the airborne Bluetooth vulnerability, came to be. The "BlueBorne" attack exposes billions of Android devices to complete takeover by hackers, but it's not only Android. Zero-day vulnerabilities are security flaws that are found before developers have a chance to fix them.

For the regular consumer, there's good news and bad news.

Even so, there are millions of Android devices out there that have long reached end of support and will not get these patches. Moreover, everyone needs to be wary of older IoT devices. But they have produced a video of it working on an Android device. "We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates".

Microsoft silently delivered patches for the BlueBorne issues as part of its July Patch Tuesday update. Alongside that, any Linux device running BlueZ or version 3.3-rc1 is affected. Of note, Armis' research has found that Bluetooth just has to be open for an attack to be successful.

If you want to go deeper into what BlueBorne is capable of, Armis Labs has put together a white paper on the attack. It can be used to hijack a person's information, or to spread quickly through an environment where there are a number of Bluetooth devices, such as an office or school.

Most previous Bluetooth vulnerabilities were related to the protocol itself.
