Billions Of Devices At Risk From Bluetooth Flaws — BlueBorne Attacks

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices

For example, a delivery person dropping a package at a bank could carry weaponized code on a Bluetooth-enabled device. The vulnerabilities affect unpatched versions of Google Android, Microsoft Windows, the Linux operating system, and Apple iOS.

BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. This would enable attackers to download malware to devices and take complete control of them.

Security researchers have discovered a set of severe vulnerabilities affecting devices that connect via Bluetooth.

Armis Labs argued that current security measures such as endpoint protection, mobile data management, firewalls, and network security solutions are not created to deal with airborne attacks, because their main focus is to block attacks that happen over IP connections.

Several companies, including software and device makers, were notified of the vulnerabilities in April and have since rolled out patches. A spokesperson for Microsoft claimed it first released patches for BlueBorne in July this year. It plans to make the patch available starting today for users of the Pixel XL and other Google-branded phones, but if past security bulletins are any guide, it may take weeks before over-the-air fixes are available to all users.

The researchers said they expect Linux, which is an open source project managed by a community of volunteers, to release a fix soon.

The vulnerability uncovered by Armis in older versions of iOS had been fixed by Apple in iOS 10 and Apple TV 7.2.2.

The majority of Android phones, tablets, and wearables - except devices with only Bluetooth Low Energy - are vulnerable to two memory corruption-based remote code execution flaws, an information leak bug, and a data-intercepting man-in-the-middle attack. The Bluetooth functionality in both OSes also runs with high system privileges, allowing the resulting infection to access sensitive system resources and survive multiple reboots.

"In some areas the Bluetooth specifications leave too much room for interpretation, causing fragmented methods of implementation in the various platforms, making each of them more likely to contain a vulnerability of its own", the company said.

Adding to the increasing potential for attack is the fact that just about every electronic device includes support for Bluetooth connectivity. It could also change data in transit. The Android implementation is vulnerable to the same attack. The researchers consider three of the flaws to be critical. All parties agreed to keep the findings confidential until today's coordinated disclosure.

These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date.

More information on the attack can be found below.

What makes BlueBorne special is that unlike similar attacks such as the recent one against Broadcom Wi-Fi chips, which also happened to be airborne, the BlueBorne attack doesn't affect only the peripherals of a device but can give an attacker full control over the infected device right from the start.

Typical of most proof-of-concept exploits, the BlueBorne attacks demonstrated in the videos are relatively simple. "The vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim's device, re-configure IP routing and force the device to transmit all communication through the malicious network interface". Such self-replicating exploits could quickly take over huge numbers of devices at conferences, sporting events, or in work places. The vulnerabilities reported by Armis now reinforce the wisdom of that advice.

Finally, there is a remote code execution vulnerability in Apple's Low Energy Audio Protocol, which does not yet have a CVE number assigned.

BlueBorne - WannaCry of the Bluetooth world?
