Skip to main content

BlueBorne Bluetooth Attack : How To Update Protect My Device From BlueBorne?


Armis has tagged four of the vulnerabilities as critical. These bugs allow attackers to take control of users’ device, steal confidential data, access corporate networks, perform remote
code execution and MITM attacks, spread malware to nearby devices, and even penetrate “air-gapped” networks.
All of this can be done wirelessly, an advantage of the Bluetooth technology, over the air (airborne). That’s why the attack vector collection is called BlueBorne.
The list of affected hardware includes common devices like smartphones, tablets, PCs running operating systems like Android, iOS, Windows, Linux, etc., as well as, various IoT devices. Bluetooth SIG estimates there are around 8.2 billion Bluetooth-compatible devices. So, potentially, it’s almost every Bluetooth device, according to the researchers.
Armis researchers have described BlueBorne in a detailed post. The security firm notes that the Bluetooth radio of the target devices should be turned on to perform the attack. There is no need for the device to be paired with the attacker, and it works even if the target device is not discoverable.
BlueBorne’s capabilities of spreading from one device to another over the air are dangerous. And it could even serve as the launchpad for the creation of large botnets like Mirai and WireX.

What devices are affected from BlueBorne?

“The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use,” the researchers write in the blog post.
Since April, the researchers have informed Google, Microsoft, Apple, Samsung, and the Linux Foundation and worked with them to roll out the fix. A coordinated public disclosure was made on September 12.

iOS

The vulnerability in the case of iOS devices is limited to iOS 9.3.5 and lower versions. For Apple TV, it’s 7.2.2 and lower. For iOS 10, no patch is required as the bug is already eliminated.

Android

All Android devices, except the ones “only” using Bluetooth Low Energy, are affected by four vulnerabilities (CVE-2017-0781, CVE-2017-0782, CVE-2017-0785, CVE-2017-0783) that are a part of BlueBorne.
The bugs impact devices like Google Pixel, Samsung Galaxy, Pumpkin Car Audio System, etc. You can download the Armis BlueBorne Scanner app from Google Play to check if your Android device is affected.
While there is no mention of Android Oreo, Google has issued security patches for Android Nougat and Marshmallow as a part of the September Security Bulletin.

Windows

Windows versions released since Vista are affected by vulnerability (CVE-2017-8628) called “Bluetooth Pineapple”. It can be used to perform MITM attacks.
Microsoft has released the fix through their Patch Tuesday update on September 12.

Linux

Currently, there is no patch available for Linux devices where the Linux kernel is at heart of various operating systems, commonly known as Linux distributions.
The researchers say the ones running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250). Linux devices released since October 2011 (3.3-rc1) are affected by the remote code execution bug (CVE-2017-1000251).
Examples of impacted devices include Samsung Gear S3, Samsung Smart TVs, and Samsung Family Hub.

How to update protect my device from BlueBorne?

According to the researchers, BlueBorne vulnerabilities could be spread using new ways. Thus, traditional security measures including firewalls, mobile data management, network security solutions, endpoint protection, etc. aren’t effective against such attacks as they are mostly designed to counter internet-based threats.
The first and foremost thing you can do is update your device if the manufacturer has been kind enough to deliver the security patch.
Make sure that Bluetooth on your device isn’t enabled when not needed. Special attention should be paid while using Bluetooth on your phone, be alert regarding unsuspicious activities.
You can read the original blog post to know more about BlueBorne.

Comments

Follow Us

WHAT'S HOT

Best Gaming Linux Distros You Need To Try In 2017

Gaming on Linux scene is improving each year with better hardware support and increasing support from game developers. Apart from established distros like Ubuntu and Arch Linux, gamers are using gaming Linux distros like Steam OS to get a better experience. The other It’s gaming operating systems are Sparky Linux – Gameover

111 Popular And Most Useful Webpages On The Internet

With the sheer myriad of websites available on it, the internet can often prove to be a pretty overwhelming place. As such it becomes really difficult to single out the useful websites from the needless ones. So today we bring to you a list of some of the most interesting and useful

Google’s Open Source DIY Kit Turns Your Raspberry Pi Into An AI Assistant

The latest edition of the MagPi magazine includes a DIY kit created by Google that can be used to create a custom Google Home device powered by Raspberry Pi. A user can take advantage of the Google Assistant SDK and Google Cloud Speech API to enable voice control in their projects.

Russian Hackers Used Kaspersky Software To Steal NSA Secrets And Code

According to a  report from WSJ , NSA’s classified data, which wasn’t supposed to leave the facility’s perimeter where a contractor worked, was stolen by Russian hackers. This incident