SoylentNews is people

posted by CoolHand on Wednesday September 13 2017, @01:13AM
from the color-us-blue dept.

Submitted via IRC for TheMightyBuzzard

Billions of Android, iOS, Windows and Linux devices that use Bluetooth may be exposed to a new attack that can be carried out remotely without any user interaction, researchers warned.

Armis Labs, a company that specializes in protecting Internet of Things (IoT) devices, has discovered a total of eight Bluetooth implementation vulnerabilities that expose mobile, desktop and IoT systems to an attack it has dubbed "BlueBorne."

According to the security firm, the attack only requires Bluetooth to be enabled on the targeted device – no pairing is needed between the victim and the attacker's device, and the Bluetooth connection does not even have to be discoverable.

A hacker who is in range of the targeted device can exploit one of the several Bluetooth implementation vulnerabilities that can lead to remote code execution, information disclosure or man-in-the-middle (MitM) attacks. The attacker only needs to determine what type of operating system the target is using in order to deploy an exploit specific to that platform.

BlueBorne does not require the targeted user to click on a link or open a file, and the malicious activities can take place in the background, making it less likely for the victim to notice anything suspicious. And since the attack leverages Bluetooth, a less common attack vector, many security solutions may not detect the malicious activity, Armis said.

With all the smartphones out there whose manufacturers and carriers refuse to update them after a year or so, I can see this being a big, big problem.

Source: http://www.securityweek.com/billions-devices-potentially-exposed-new-bluetooth-attack

Armis Labs. US-CERT.


  • (Score: 3, Informative) by JNCF on Wednesday September 13 2017, @04:17AM (3 children)

    TFA contradicts it:

    "Apple has already addressed the vulnerabilities with the release of iOS 10 (one year ago) and Apple TV 7.2.2. Earlier versions of the Apple operating systems are still vulnerable to attacks."

    I'm going with the more specific source being correct. Android phones that still get security updates have also been patched (albeit more recently).

  • (Score: 1, Insightful) by Anonymous Coward on Wednesday September 13 2017, @06:41AM (1 child)

    "Android phones that still get security updates"

    Which, sadly, is probably only around 60% of Android devices, if that. So we have two options: throw away still useful devices, contributing to the world's e-waste problem, or continue to use insecure devices and contribute to the "internet is a nasty place" problem.

    <sarcasm>What a wonderful world unchecked corporatism has given us.</sarcasm>

    • (Score: 2, Interesting) by Anonymous Coward on Wednesday September 13 2017, @07:45AM

      There might be a 3rd option: root it and install something secure on it.

      The insecure throwaway culture of today makes me sick.

  • (Score: 0) by Anonymous Coward on Wednesday September 13 2017, @09:42AM

    "I'm going with the more specific source being correct."

    Original AC here. I agree with you. TechCrunch should have been much more specific and stated something like "up-to-date iOS devices".