A new Bluetooth exploit leaves billions of devices vulnerable

A new Bluetooth exploit leaves billions of devices vulnerable

A new Bluetooth exploit leaves billions of devices vulnerable

Tuesday's announcement marks the agreed-upon coordinated disclosure date, with one exception: Armis says it attempted to contact Samsung - which makes the Linux-based Tizen OS and also uses Android extensively - on three separate occasions about the vulnerabilities, but did not hear back. But since the exploit is so different to the typical attack vector, users wouldn't even be alerted if their device gets compromised, leading to a hypothetical nightmare scenario (detailed in the video below) wherein a user spreads the "infection" to vulnerable phones and tablets simply by walking in their vicinity. Worse yet, all of this can be done without a user's knowledge. This can make the BlueBorne attack vector useful in cyber espionage, data theft, ransomware, and even for creating large botnets out of infected IoT devices. According to Armis Labs, BlueBorne can easily affect PCs and mobile phones since there is no need to pair the device with the targeted device. This becomes a problem in light of the bugs in various parts of the Bluetooth stack, found in L2CAP, BlueZ, SDP, SMP, BNEP, PAN Profiles, and Apple's proprietary LEAP implementation.

Armis Labs argued that airborne attacks show a new type of threat that's typically not taken into account by traditional security solutions. "This can endanger industrial systems, government agencies, and critical infrastructure".

Leaving your phone or computer's Bluetooth on all the time has never been a good idea, but now researchers at the cybersecurity firm Armis are claiming to have discovered a series of vulnerabilities that allow them to silently hack devices over Bluetooth.

This morning, Armis security published details of a new Bluetooth vulnerability that could potentially expose millions of devices to remote attack.

Hearing of Imran Khan disqualification case resumes in SC today
However, the chief justice maintained that the documents submitted were photocopies and therefore, not acceptable. Justice Umar Ata Bandial observed that there was a discrepancy in docuuments submitted by the PTI chairman.

The eighth flaw is a Remote Code Execution vulnerability in Apple's Low Energy Audio Protocol that now does not yet have a CVE number assigned. The most serious one in recent years was fixed in the Bluetooth 2.1 protocol.

The next step is a set of code executions that allows for full control of the device.

The root cause behind the multiple vulnerabilites is an overly complex Bluetooth specification that spans 2822 pages.

Apple iPhones, iPads and the iPod Touch with iOS version 9.3.5 and earlier are vulnerable to the BlueBorne flaws. When patches are available, consumers should update their devices to the latest available operating systems in order to protect themselves from the attacks. This includes forcing the device to give up information about itself and then, ultimately, release keys and passwords "in an attack that very much resembles heartbleed", the exploit that forced many web servers to display passwords and other keys remotely. This would enable attackers to download malware to devices and take complete control of them.

Kentucky Power assisting with Irma restoration efforts
Crews have deployed more than 36 times since 2008 to help other energy companies restore power to their customers. Hydro One Limited's common shares are listed on the Toronto Stock Exchange (TSX: H).

Android and Windows systems are vulnerable to man in the middle attacks (MITM), where an attacker intercepts communications between devices by secretly acting as a relay station between the two. Google has released a security update patch for Android.

A set of vulnerabilities affecting "almost every" Bluetooth-connected desktop, mobile, and smart device on the market has been revealed.

Armis warns of attacks that combine physical presence with the BlueBorne flaws.

The group that oversees Bluetooth technology, called the Bluetooth Special Interest Group, estimates that there are more than 8 billion Bluetooth devices on the market today.

Kremlin used Facebook to promote political protests in US
Although numerous events had already been deleted from Facebook, some remnants still exist in search engine caches. The shady organization, known for running misinformation campaigns, must've felt at home on the platform.

Related news