Billions Of Devices At Risk From Bluetooth Flaws — Blueborne Attacks

Billions Of Devices At Risk From Bluetooth Flaws — Blueborne Attacks

A set of vulnerabilities affecting "almost every" Bluetooth-connected desktop, mobile, and smart device on the market has been revealed.

Despite the fact that the vulnerabilities are complex and widely patched, Armis researchers estimated that they could still affect 5.3 billion unpatched devices.

Despite the security updates being rolled out, BlueBorne is still a threat due to how careless many users are with their device updates.

"BlueBorne is another example of how simple it is for hackers to quickly scan for, and then exploit, open Bluetooth devices".

Ben Seri, one of Armis' researchers, used the vulnerabilities to connect to the Pixel without any input from the device.

Armis, which has a commercial stake in the IoT security space, warned that the attack vector can be exploited silently.

Also, the vulnerabilities in BlueBorne are widespread and patches will be coming out for months-so users should disable their Bluetooth until they become available.

Ben Seri, Armis Labs' head of research, fears that BlueBorne will lead to a similar massive outbreak.

More than 8.2 billion Bluetooth devices are now in use, they noted.

Questions are being raised again about the security of Bluetooth after researchers uncovered another flaw that could potentially compromise billions of devices.

The other wildcard here: Linux-based devices.

This means that not all vulnerable devices will have the same exact virus.

The Bluetooth Pineapple vulnerability allows an attacker to create a MITM attack using only a Bluetooth-connected device and no special equipment, which is often required for Wi-Fi interception. The company has reported these flaws to affected companies - including Google, Microsoft, Apple, Samsung, and Linux - and is working with them to get patches deployed.

Other attacks would allow attackers to remotely execute malicious code on the device, which could be used to hijack or corrupt a Bluetooth-enabled device.

The vulnerability was mitigated by Apple in iOS 10.

In the case of Apple, devices with iOS 9.3.5 and lower, and AppleTV devices running version 7.2.2 and lower are vulnerable.

"These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date", an Armis spokesperson told Bleeping Computer via email. They also do not need pairing to be implemented.

Now for the good news. The majority of newer phones, tablets, and some computers have already been fixed.

Armis is in the business of helping to secure internet of things (IoT) devices.

Google is patching Android 4.4.4 KitKat and later, leaving fewer than one-in-ten older Android devices without the patches. Google said Android partners received the patch in early August, but it's up to the carriers to release the updates. Windows Phones are not affected. The attacker will then exploit a vulnerability in the implementation of the Bluetooth protocol in the relevant platform and gain the access he needs to act on his malicious objective.

The company has also uploaded a white paper (PDF) that goes into deeper detail regarding the exploit.

Armis Labs argued that airborne attacks show a new type of threat that's typically not taken into account by traditional security solutions.

For more on BlueBorne, check out the video below.

'You could be simply walking down the street [and] you walk past someone who is vulnerable and suddenly they are infected, ' said Mr Miller.



Related Posts

Chiefs at Patriots: Preview, prediction, odds and pick
Bill Belichick and Reid have a close relationship, and they've faced off in big games before - including Super Bowl XXXIX. On Thursday night they'll begin their defense of that title, opening the 2017 season against the Kansas City Chiefs .

56 in US News college rankings
The Tickle College of Engineering's undergraduate program was ranked No. 34 among public universities and No. 61 in the country. The College of Engineering is ranked 34th among public universities with doctoral programs, up from 41st previous year .

Record flooding in Jacksonville as Georgia braces for epic storm surge
Before slamming into to the United States, Irma hit Cuba late Friday as a Category 5 hurricane . Petersburg metro, Jacksonville, Tallahassee, Thomasville and Valdosta".

Mercedes-AMG brings Formula 1 technology to the road
On the inside, the Project One seats two in what Moers described as a "highly functional" interior . However, it won't come cheap - the Project One is priced at an eye-watering $2.53 million dollars.

Suddenly, more US Democrats back government health care
Bernie Sanders' (I-Vt.) single-payer healthcare bill , making her the 10th Democratic senator to come out in favor of the measure. Sanders says the bill he will release on Wednesday will provide a more detailed blueprint for his health care plans .

Jacksonville Jaguars: 3 Takeaways from Week 1 vs Texans
They were talking about the defensive lineman on the Texans. "Come on, man", Ramsey said. "That was our whole game plan". I think Jacksonville will rush Fournette 15+ times , but I hope the Texans defense clogs up the running holes.

Apple's biggest event in years
The tweet also reveals the price of all three variants with base model priced at $999 and top end model priced at $1199. Forbes .com reported the phones will have an enlarged, elongated 5.8-inch display surrounded by reduced black bezels.

LeSean McCoy Injury: Bills RB Leaves Game Holding Wrist
He was 12-of-15 in the first half for 85 yards, with two of the incompletions drops by Matt Forté and the third a throwaway. Buffalo would reopen a more comfortable lead when Taylor hit Andre Holmes for another short, one-yard touchdown.

Juicy matchup in NFL's opening week: Seahawks at Packers
Jon Kitna threw two touchdown passes for the Seahawks and Brett Favre threw four interceptions in the Packers' 27-7 loss. Wilson found receiver Doug Baldwin streaking across the field for a gain of 34 to the Packers' 44 with 22 seconds left.

Watch NFL Monday Night Football Online
I would feel better if Lamp was playing or if Tuerk and Feeney had played out of their minds in camp to get starting jobs. The Broncos , meanwhile, shook up their vaunted "No Fly Zone" defensive secondary when they released veteran safety T.J.

© 2015 Stocks News Daily. All Rights reserved.