Skip to content

Home Special Announcement Bluetooth Vulnerabilities - "BlueBorne"
Bluetooth Vulnerabilities - "BlueBorne"
Wednesday, 13 September 2017 21:19

Description:
Eight Bluetooth vulnerabilities, dubbed Blueborne, affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, including smartphones,laptops,IoT devices, and smart cars.
Three of these eight security flaws are rated critical and according to researchers at Armis, the IoT security company that discovered BlueBorne, these vulnerabilities allow attackers to take over devices and execute malicious code, or perform Man-in-the-Middle attacks and intercept Bluetooth communications. Blueborne doesn’t require devices to be paired with the malicious device, or even be set in discoverable mode

CVE Number:
CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices;
CVE-2017-1000251 and CVE-2017-1000250 for Linux;
CVE-2017-14315 for iOS, and
CVE-2017-8628 on Windows.

Systems Affected:
Windows versions since Windows Vista are all affected. Windows Phone was not vulnerable to BlueBorne. Microsoft has released patches in July for CVE-2017-8628, the details about the fixed vulnerability has been provided in September's Patch Tuesday.

All Linux devices running BlueZ are affected by an information leak, while all Linux devices from version 3.3-rc1 (released in October 2011) are affected by a remote code execution flaw that can be exploited via Bluetooth. Samsung's Tizen OS, based on Linux, is also affected.

All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected, but the issue was patched in iOS 10.

Prevention:
1. Disable Bluetooth immediately. After applying the patch or update on your device, you should be able to turn Bluetooth on.
2. Users of Android devices can determine if their device is vulnerable by downloading the BlueBorne Android App on the Google Play Store and use it to run a simple and quick check.

Reference:
https://www.bleepingcomputer.com/news/security/blueborne-vulnerabilities-impact-over-5-billion-bluetooth-enabled-devices/
https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

Last Updated on Monday, 30 October 2017 12:22
 
[YOUR IP : 54.83.81.52: 60860] ...   [YOUR BROWSER: CCBot/2.0 (http://commoncrawl.org/faq/)] ...