For example, a delivery person dropping a package at a bank could carry weaponized code on a Bluetooth-enabled device. The vulnerabilities affect unpatched versions of Google Android, Microsoft Windows, the Linux operating system, and Apple iOS.
BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. This would enable attackers to download malware to devices and take complete control of them.
Security researchers have discovered a set of severe vulnerabilities affecting devices that connect via Bluetooth.
Armis Labs argued that current security measures such as endpoint protection, mobile data management, firewalls, and network security solutions are not created to deal with airborne attacks, because their main focus is to block attacks that happen over IP connections.
Several companies, including software and device makers, were notified of the vulnerabilities in April and have since rolled out patches. A spokesperson for Microsoft claimed it first released patches for BlueBorne in July this year. It plans to make the patch available starting today for users of the Pixel XL and other Google-branded phones, but if past security bulletins are any guide, it may take weeks before over-the-air fixes are available to all users.
The researchers said they expect Linux, which is an open source project managed by a community of volunteers, to release a fix soon.
The vulnerability uncovered by Armis in older versions of iOS had been fixed by Apple in iOS 10 and Apple TV 7.2.2.
The majority of Android phones, tablets, and wearables, except devices that use only Bluetooth Low Energy, are vulnerable to two memory corruption-based remote code execution flaws, an information leak bug, and a data-intercepting man-in-the-middle attack. The Bluetooth functionality in both OSes also runs with high system privileges, allowing the resulting infection to access sensitive system resources and survive multiple reboots.
"In some areas the Bluetooth specifications leave too much room for interpretation, causing fragmented methods of implementation in the various platforms, making each of them more likely to contain a vulnerability of its own", the company said.
Adding to the increasing potential for attack is the fact that just about every electronic device includes support for Bluetooth connectivity. It could also change data in transit. The Android implementation is vulnerable to the same attack. The researchers consider three of the flaws to be critical. All parties agreed to keep the findings confidential until today's coordinated disclosure.
These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date.
More information on the attack can be found below.
What makes BlueBorne special is that unlike similar attacks such as the recent one against Broadcom Wi-Fi chips, which also happened to be airborne, the BlueBorne attack doesn't affect only the peripherals of a device but can give an attacker full control over the infected device right from the start.
Typical of most proof-of-concept exploits, the BlueBorne attacks demonstrated in the videos are relatively simple. "The vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim's device, re-configure IP routing and force the device to transmit all communication through the malicious network interface". Such self-replicating exploits could quickly take over huge numbers of devices at conferences, sporting events, or in work places. The vulnerabilities reported by Armis now reinforce the wisdom of that advice.
Finally, there is a remote code execution vulnerability in Apple's Low Energy Audio Protocol, which does not yet have a CVE number assigned.