BlueBorne Bluetooth Attack: How To Update and Protect My Device From BlueBorne?


Armis has tagged four of the vulnerabilities as critical. These bugs allow attackers to take control of users’ devices, steal confidential data, access corporate networks, perform remote code execution and MITM attacks, spread malware to nearby devices, and even penetrate “air-gapped” networks.
All of this can be done wirelessly, over the air (airborne), using Bluetooth technology. That’s why the collection of attack vectors is called BlueBorne.
The list of affected hardware includes common devices such as smartphones, tablets, and PCs running operating systems like Android, iOS, Windows, and Linux, as well as various IoT devices. Bluetooth SIG estimates there are around 8.2 billion Bluetooth-compatible devices. So, potentially, it’s almost every Bluetooth device, according to the researchers.
Armis researchers have described BlueBorne in a detailed post. The security firm notes that the Bluetooth radio of the target device must be turned on for the attack to work. There is no need for the device to be paired with the attacker, and the attack works even if the target device is not discoverable.
BlueBorne’s ability to spread from one device to another over the air is dangerous, and it could even serve as the launchpad for the creation of large botnets like Mirai and WireX.

What devices are affected by BlueBorne?

“The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use,” the researchers write in the blog post.
Since April, the researchers have informed Google, Microsoft, Apple, Samsung, and the Linux Foundation and worked with them to roll out the fix. A coordinated public disclosure was made on September 12.

iOS

The vulnerability in the case of iOS devices is limited to iOS 9.3.5 and lower versions. For Apple TV, it’s 7.2.2 and lower. For iOS 10, no patch is required as the bug is already eliminated.

Android

All Android devices, except the ones “only” using Bluetooth Low Energy, are affected by four vulnerabilities (CVE-2017-0781, CVE-2017-0782, CVE-2017-0785, CVE-2017-0783) that are a part of BlueBorne.
The bugs impact devices like Google Pixel, Samsung Galaxy, Pumpkin Car Audio System, etc. You can download the Armis BlueBorne Scanner app from Google Play to check if your Android device is affected.
While there is no mention of Android Oreo, Google has issued security patches for Android Nougat and Marshmallow as a part of the September Security Bulletin.

Windows

Windows versions released since Vista are affected by a vulnerability (CVE-2017-8628) called “Bluetooth Pineapple”. It can be used to perform MITM attacks.
Microsoft has released the fix through their Patch Tuesday update on September 12.

Linux

Currently, there is no patch available for Linux devices. The Linux kernel is at the heart of various operating systems, commonly known as Linux distributions.
The researchers say devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250). Linux devices released since October 2011 (3.3-rc1) are affected by the remote code execution bug (CVE-2017-1000251).
Examples of impacted devices include Samsung Gear S3, Samsung Smart TVs, and Samsung Family Hub.

How to update and protect my device from BlueBorne?

According to the researchers, BlueBorne vulnerabilities can spread in new ways. Thus, traditional security measures including firewalls, mobile data management, network security solutions, endpoint protection, etc. aren’t effective against such attacks, as they are mostly designed to counter internet-based threats.
The first and foremost thing you can do is update your device if the manufacturer has delivered the security patch.
Make sure that Bluetooth on your device isn’t enabled when not needed. Pay special attention while using Bluetooth on your phone, and be alert to any suspicious activity.
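The affected ranges and the radio-on condition described above, applied to a device inventory. This is an added example, not code from Armis or from this article; the inventory, its field names (`ble_only`, `bluez`, `patched`, `bluetooth_on`) and the status labels are assumptions, and Windows is given as its NT version number (Vista is NT 6.0).

```python
import re

def ver(text):
    """'9.3.5' or '4.9.0-3-amd64' -> tuple of the leading dotted integers."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()

# Affected ranges as quoted in the article. Windows Vista is NT 6.0.
RULES = {
    "ios":     lambda d, v: v <= (9, 3, 5),
    "appletv": lambda d, v: v <= (7, 2, 2),
    "android": lambda d, v: not d.get("ble_only", False),
    "windows": lambda d, v: v >= (6, 0),
    # Kernel 3.3-rc1 onward (RCE) or any device running BlueZ (info leak).
    "linux":   lambda d, v: v >= (3, 3) or d.get("bluez", False),
}

def in_affected_range(dev):
    os_name = dev["os"].lower()
    rule = RULES.get(os_name)
    if rule is None:
        return False                      # OS not covered by the article
    v = ver(dev.get("version", ""))
    if not v and os_name != "android":
        return True                       # unknown version: fail closed
    return bool(rule(dev, v))

def triage(dev):
    if not in_affected_range(dev):
        return "not-affected"
    if dev.get("patched", False):         # vendor fix confirmed installed
        return "patched"
    # The attack needs the radio on; pairing and discoverability do not matter.
    return "exposed" if dev.get("bluetooth_on", True) else "affected-radio-off"

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"name": "phone-a", "os": "iOS", "version": "9.3.5", "bluetooth_on": True},
    {"name": "phone-b", "os": "iOS", "version": "10.3.3", "bluetooth_on": True},
    {"name": "tablet-c", "os": "Android", "version": "7.1.1", "patched": True},
    {"name": "tracker-d", "os": "Android", "ble_only": True},
    {"name": "laptop-e", "os": "Windows", "version": "6.1", "bluetooth_on": False},
    {"name": "tv-f", "os": "Linux", "version": "4.9.0-3-amd64"},
    {"name": "router-g", "os": "Linux", "version": "2.6.32"},
]

def report(inventory=INVENTORY):
    return {d["name"]: triage(d) for d in inventory}
```

A kernel version inside the affected range does not prove a device is unpatched, since vendors can backport fixes; the `patched` field has to come from the vendor's update status.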
You can read the original blog post to know more about BlueBorne.
