Bluetooth Vulnerability, BlueBorne Impacts Android, iOS, Windows, and Linux Devices

Enlarge Image Armis Labs says more than 5 billion devices are vulnerable to attacks through newly discovered Bluetooth exploits.                  Josh Miller  CNET

Enlarge Image Armis Labs says more than 5 billion devices are vulnerable to attacks through newly discovered Bluetooth exploits. Josh Miller CNET

Current Apple operating systems are not vulnerable to the attack, but older iOS systems are.

Armis also disclosed eight related zero-day vulnerabilities, four of which are considered to be critical in nature. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device.

Blueborne consists of a number of ways to attack a device, the most serious of which would allow a threat actor to gain control over a Bluetooth enabled device and its data. "Companies don't monitor these types of device-to-device connections in their environment, so they can't see these attacks or stop them", said Yevgeny Dibrov, CEO of Armis, in a statement. "The fact that all vendors have the same flaws does seem to indicate that there is need for further tightening in how the Bluetooth protocol is implemented".

This could occur via "man in the middle" cyberattacks without the need for any user interaction or clicks. Again, these can be found even if the software isn't telling the device to be in discoverable mode. Once attackers are able to penetrate a device using BlueBorne, they can take full control of the devices and laterally spread this malware to adjacent devices with Bluetooth enabled. This makes BlueBorne one of the most broad potential attacks in recent years, while allowing attackers to strike undetected.

House sends resolution urging Trump to condemn white supremacists
Thomas Garrett, R-Va., and Gerald Connolly , D-Va., and co-sponsored by the other members of the Virginia House delegation. The White House, however, will not immediately commit to signing it.

Given that some of these flaws have been present in Bluetooth for a decade, Izrael said, "We do fear that in some sense these vulnerabilities might have been found before by some actors and used".

"In some areas the Bluetooth specifications leave too much room for interpretation, causing fragmented methods of implementation in the various platforms, making each of them more likely to contain a vulnerability of its own", the company said. There is no indication to date that the BlueBorne vulnerabilities have been exploited in the wild by attackers.

All Linux devices running BlueZ are affected by an information leak, while all Linux devices from version 3.3-rc1 (released in October 2011) are affected by a remote code execution flaw that can be exploited via Bluetooth. Such an attack could also be spread quickly by transmitting the malicious exploit from device to device through Bluetooth connectivity.

The Bluetooth Pineapple vulnerability is also present on unpatched Windows systems, allowing the same type of MITM attack to occur.

Chile fans want Alexis Sanchez to dump his actress girlfriend Mayte Rodriguez
We take a look at whether Manchester City should go back in for Sanchez in the January transfer window. "I am sad", Guardiola said when asked about his latest setback.

Any iPhones running iOS 10 are immune to the attack, and Microsoft deployed a patch to fix the bug in July. However, the company still warns users who are on older versions of iOS that they're at risk.

While using Bluetooth is a canny way to automatically infiltrate user devices without permission, it means BlueBorne is bound by the signal frequency's short range, and only affects devices with Bluetooth turned on.

Armis Labs argued that current security measures such as endpoint protection, mobile data management, firewalls, and network security solutions are not created to deal with airborne attacks, because their main focus is to block attacks that happen over IP connections.

The automatic connectivity of Bluetooth, combined with the fact that almost all devices have Bluetooth enabled by default, makes these vulnerabilities all the more serious and pervasive. That leaves Android devices as the most vulnerable, thanks in part to longstanding issues deploying patches through partners.

BTS to release collaboration with The Chainsmokers
Meanwhile, the US Duo performed in Busan the same day this collaboration was announced, following their performance in Seoul. It will be the follow-up to Wings and the extended release You Never Walk Alone and it promises to be huge.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.