SoylentNews is people

posted by takyon on Saturday November 18 2017, @10:39AM
from the I-hear-you dept.

A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo.

As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and desktops are also vulnerable to BlueBorne.

BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks.

What's worse? Triggering the BlueBorne exploit doesn't require victims to click any link or open any file—all without requiring user interaction. Also, most security products would likely not be able to detect the attack. What's even scarier is that once an attacker gains control of one Bluetooth-enabled device, he/she can infect any or all devices on the same network.

These Bluetooth vulnerabilities were patched by Google for Android in September, Microsoft for Windows in July, Apple for iOS one year before disclosure, and Linux distributions also shortly after disclosure. However, many of these 5 billion devices are still unpatched and open to attacks via these flaws.

Source: https://thehackernews.com/2017/11/amazon-alexa-hacking-bluetooth.html


  • (Score: 4, Insightful) by zocalo on Saturday November 18 2017, @12:19PM (4 children)

    by zocalo (302) on Saturday November 18 2017, @12:19PM (#598634)
    Just about every single phone, laptop, tablet, and many models of things like cameras and speakers, come equipped with BlueTooth. On a global scale that there are quite literally billions of unpatched devices, most of which will never even have a patch available let alone applied (or even a way to do so), shouldn't really come as a surprise. The real surprise here is that despite people realising that there were risks in the MS Windows monoculture how few seem to have considered just how pervasive some of the underlying technologies were getting and that this too was a monoculture with huge risks attached to it.
    --
    UNIX? They're not even circumcised! Savages!
  • (Score: 2) by Yog-Yogguth on Saturday November 18 2017, @01:18PM (3 children)

    by Yog-Yogguth (1862) Subscriber Badge on Saturday November 18 2017, @01:18PM (#598646) Journal

    It's the ultimate good news.

    Not because people in general will start to think about security, they won't. Even if they did they can't so much about it, nor can I.

    The ultimate good news is that it will be taken advantage of and while I myself might also suffer from that my suffering will be minuscule compared to the suffering of companies and governments.

    And that in turn might actually translate into changes for the better if their losses are huge enough.

    Nah who am I kidding, nothing will get better, this is nothing compared to the Snowden files and that sure as hell didn't change or stop anything, it only got worse and we're all paying even more for it now than before so us insignificant ones are actually getting hit harder!

    How hilarious :D

    (Post might contain overdose levels of black comedy... this advisory warning is too late!)

    --
    Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
    • (Score: 1) by Yog-Yogguth on Saturday November 18 2017, @01:20PM

      by Yog-Yogguth (1862) Subscriber Badge on Saturday November 18 2017, @01:20PM (#598648) Journal

      Errata do not so :| *farts out through the other ear while I'm already at it*

      --
      Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
    • (Score: 2) by frojack on Saturday November 18 2017, @07:22PM (1 child)

      by frojack (1554) on Saturday November 18 2017, @07:22PM (#598728) Journal

      The ultimate good news is that it will be taken advantage of and while I myself might also suffer from that my suffering will be minuscule compared to the suffering of companies and governments.

      Seriously? That's what your definition of GOOD is?

      Does anyone know of one person harmed by this devastating vulnerability? Anyone?
      I have some bluetooth headphones. I use them with my Android (patched) or my Linux computer (patched). How much of my secret data has been siphoned off through my headphones?

      There is no exploit other than the one specially created in the lab.

      Using these vulnerabilities, security researchers at IoT security firm Armis have devised an attack,

      They spread scary boogieman claims of worms. (Then they had to walk those back):

      However, Seri believes that it is difficult for even a skilled attacker to create a universal wormable exploit that could find Bluetooth-enabled devices, target all platform together and spread automatically from one infected device to others.

      Just about every platform that could conceivably in your wildest dreams be leveraged to do actual damage has been patched.
      Yeah, your idiotic IOT device may never get patched, but you will tire of it before an actual exploit is ever developed. Just how much processing power does that bluetooth remote controlled toothbrush have anyway?

      Like virtually all of these monumental world wide hacks this is a huge pot of boiling and frothing air.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by Yog-Yogguth on Saturday November 18 2017, @11:25PM

        by Yog-Yogguth (1862) Subscriber Badge on Saturday November 18 2017, @11:25PM (#598784) Journal

        From the end of the comment:

        "(Post might contain overdose levels of black comedy... this advisory warning is too late!)"

        Gallows humor.

        Maybe not now, maybe not Bluetooth, but soon enough.

        IoT processors have already been used to launch some hefty network attacks, that's old hat.

        Instead someone is bound to want to cycle a large amount of devices (millions, billions, large multipliers) on and off at whichever speed maximizes power draw. Compare this with the substantial usage spikes from a number of British people turning on electric kettles during football (soccer) match half time pauses or during advertising breaks of very popular television programs.

        How many shuddering garage doors does it take to bring down the US power grid? How many light bulbs doing synchronized flashing? How many thermostats raising temperatures as much as possible? How many air conditioners stuck on full blast? How many fridges and freezers dropping their temperatures as low as possible? How many personal eavesdropping devices constantly fiddling with the computers they have legitimate access to?

        Who doesn't want to know?

        --
        Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))