Submitted via IRC for TheMightyBuzzard
Billions of Android, iOS, Windows and Linux devices that use Bluetooth may be exposed to a new attack that can be carried out remotely without any user interaction, researchers warned.
Armis Labs, a company that specializes in protecting Internet of Things (IoT) devices, has discovered a total of eight Bluetooth implementation vulnerabilities that expose mobile, desktop and IoT systems to an attack it has dubbed "BlueBorne."
According to the security firm, the attack only requires Bluetooth to be enabled on the targeted device – no pairing is needed between the victim and the attacker's device, and the Bluetooth connection does not even have to be discoverable.
A hacker who is in range of the targeted device can exploit one of the several Bluetooth implementation vulnerabilities that can lead to remote code execution, information disclosure or man-in-the-middle (MitM) attacks. The attacker only needs to determine what type of operating system the target is using in order to deploy an exploit specific to that platform.
BlueBorne does not require the targeted user to click on a link or open a file, and the malicious activities can take place in the background, making it less likely for the victim to notice anything suspicious. And since the attack leverages Bluetooth, a less common attack vector, many security solutions may not detect the malicious activity, Armis said.
With all the smartphones out there whose manufacturers and carriers refuse to update them after a year or so, I can see this being a big, big problem.
Source: http://www.securityweek.com/billions-devices-potentially-exposed-new-bluetooth-attack
(Score: 3, Informative) by Runaway1956 on Wednesday September 13 2017, @02:15AM (5 children)
That - and/or don't use your mobile device for banking and other sensitive uses.
It's probably a little more difficult for someone to exploit bluetooth on most people's desktops. Getting in range of my desktop means you're on my property, or at least, standing at the end of my driveway. I just might notice you there, and wonder WTF you're doing. That telephone? Even those of us who live in rural areas pass within bluetooth range of hundreds of people on a daily basis. Even those of us who hate Walmart end up visiting the damned place pretty often, we stop for gas, visit a parts house now and then, etc etc.
(Score: 0) by Anonymous Coward on Wednesday September 13 2017, @03:21AM (4 children)
Getting in range of my desktop means you're on my property, or at least, standing at the end of my driveway.
(Unrelated question, why isn't blockqoute working in preview? I wonder if it will work when this posts. The line above should be blockqouted.)
Um, no.
https://www.youtube.com/watch?v=qlf6xQ0fMoU [youtube.com]
Unless, of course, you live out in the sticks and own several thousand acres of land. Or you own a typical desktop computer that doesn't have Bluetooth. But this likely won't be used in a targeted attack that way. This will be used by an asshole sitting in a panel van with a "cell phone" antenna on the roof parked in front of wally world spreading a ransomware worm to every poor schmuck that walks within 100 feet of him.
Speaking of which, time to go pull a new nandroid backup from my geriatric smartphone...
(Score: 2) by JNCF on Wednesday September 13 2017, @04:10AM (1 child)
<quote>
</quote>
Works for me. Did you type <blockquote> instead of <quote>, perhaps?
(Score: 0) by Anonymous Coward on Wednesday September 13 2017, @04:13AM
- another AC
(Score: 2) by c0lo on Wednesday September 13 2017, @05:13AM (1 child)
Spell it right and it will work.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Wednesday September 13 2017, @06:28AM
It would help if I could type and proofread, wouldn't it?