OnePlus 5T will get Android Oreo Beta update by late December
OnePlus 5T costs $499 on November 21: Face unlock, dual cameras
Google Home app receives major update that also changes UI big time
Samsung mocks 10 years of iPhone with new ad
The Latest: President makes stop at Trump hotel in Honolulu
New Bluetooth vulnerability could affect millions of devices
13 Setiembre 2017, 04:45 | Benedicto Grullon
Enlarge Image Armis Labs says more than 5 billion devices are vulnerable to attacks through newly discovered Bluetooth exploits. Josh Miller CNET
Armis Labs, an Internet-of-Things security company, informs that it discovered a Bluetoothvulnerability codenamed BlueBorne that can affect billions of devices, including Android and iPhone smartphones, Linux and Windows PCs, or even smart appliances like TVs, security cameras, medical devices and sound systems.
These proximity-based network vulnerabilities could allow attackers to create broad malware infections that could spread from one infected device to many others by wirelessly connecting to other devices over Bluetooth.
Nearly 5.3 Bluetooth billion devices are vulnerable to a recently identified exploit called "BlueBorne", allowing hackers to take control of them and infect them with malware.
There is a new Blueborne attack that has been found in millions of Android and iOS devices. Such an attack could also be spread quickly by transmitting the malicious exploit from device to device through Bluetooth connectivity. This type of attack can often be configured to force those systems to reveal the encryption keys being used by Bluetooth, access systems or monitor data being sent between devices. With so many uses, the Bluetooth protocol also offers some sweet opportunities to criminal hackers.
Since April, the researchers have informed Google, Microsoft, Apple, Samsung, and the Linux Foundation and worked with them to roll out the fix. Zero-day vulnerabilities are security flaws that are found before developers have a chance to fix them. Google issued a patch to its partners on August 7, which it released as part of its September Security Update and Bulletin for Android 6.0 (Marshmallow) and Android 7.0 (Nougat).
The more serious flaws allow an attacker to gain control of affected devices and their data, and steal sensitive business data from corporate networks.
Several new Android devices including a Samsung Galaxy S8+ and a Huawei P10 were found to be vulnerable by the BlueBornescanner in iTnews testing. "The attack does not require the targeted device to be paired to the attacker's device, or even to be set on discoverable mode", explains Armis Labs, an IoT security outfit. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here. That's why the attack vector collection is called BlueBorne.
"These silent attacks are invisible to traditional security controls and procedures", said Yevgeny Dibrov, Armis' chief executive.
Simply leaving Bluetooth on can make a device vulnerable, Seri and Vishnepolsky noted.
Security researchers have discovered eight vulnerabilities - codenamed collectively as BlueBorne - in the Bluetooth implementations used by over 5.3 billion devices. Alongside that, any Linux device running BlueZ or version 3.3-rc1 are affected.
Mr Miller said people could fly to other countries, unknowingly travelling with their infected phone. The attack essentially takes advantage of how Bluetooth uses tethering to share data and is able to spread through "improper validation". No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device.
The vulnerability in the case of iOS devices is limited to iOS 9.3.5 and lower versions.
The patch issued by Google was sent to device manufacturers a month ago, but with a variety of Android partners, this means the delivery time of the patch could be different for people depending on the handset or device they now use.
Chris Johnson officially re-signs with Cardinals
With a shocking blowout victory over the Indianapolis Colts , the Rams went from No. 24 to No. 19 for a five-spot jump. For the most part, nearly none of the takeaways for the Cardinals in this horrendous loss are any good.
A Tale of Two Streaks — Indians and Dodgers
Success! An email has been sent with a link to confirm list signup. "We wanted to stop the bleeding", Jansen said after the game. Delino DeShields, who was 2-for-4 with two runs scored, also had a solo home run to help make a winner out of Cole Hamels (10-3).
United Nations passes fresh sanctions on North Korea
Washington has led the global drive to punish the rogue state after it detonated a nuclear device earlier this month. President Trump gets it: He said the sanctions are only a very small step compared to what "will have to happen".