Enero 24, 2018

New Bluetooth vulnerability could affect millions of devices

13 Setiembre 2017, 04:45 | Benedicto Grullon

Enlarge Image Armis Labs says more than 5 billion devices are vulnerable to attacks through newly discovered Bluetooth exploits. Josh Miller CNET

Enlarge Image Armis Labs says more than 5 billion devices are vulnerable to attacks through newly discovered Bluetooth exploits.                  Josh Miller  CNET

Armis Labs, an Internet-of-Things security company, informs that it discovered a Bluetooth vulnerability codenamed BlueBorne that can affect billions of devices, including Android and iPhone smartphones, Linux and Windows PCs, or even smart appliances like TVs, security cameras, medical devices and sound systems.

These proximity-based network vulnerabilities could allow attackers to create broad malware infections that could spread from one infected device to many others by wirelessly connecting to other devices over Bluetooth.

Nearly 5.3 Bluetooth billion devices are vulnerable to a recently identified exploit called "BlueBorne", allowing hackers to take control of them and infect them with malware.

There is a new Blueborne attack that has been found in millions of Android and iOS devices. Such an attack could also be spread quickly by transmitting the malicious exploit from device to device through Bluetooth connectivity. This type of attack can often be configured to force those systems to reveal the encryption keys being used by Bluetooth, access systems or monitor data being sent between devices. With so many uses, the Bluetooth protocol also offers some sweet opportunities to criminal hackers.

Since April, the researchers have informed Google, Microsoft, Apple, Samsung, and the Linux Foundation and worked with them to roll out the fix. Zero-day vulnerabilities are security flaws that are found before developers have a chance to fix them. Google issued a patch to its partners on August 7, which it released as part of its September Security Update and Bulletin for Android 6.0 (Marshmallow) and Android 7.0 (Nougat).

The more serious flaws allow an attacker to gain control of affected devices and their data, and steal sensitive business data from corporate networks.

Several new Android devices including a Samsung Galaxy S8+ and a Huawei P10 were found to be vulnerable by the BlueBorne scanner in iTnews testing. "The attack does not require the targeted device to be paired to the attacker's device, or even to be set on discoverable mode", explains Armis Labs, an IoT security outfit. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here. That's why the attack vector collection is called BlueBorne.

"These silent attacks are invisible to traditional security controls and procedures", said Yevgeny Dibrov, Armis' chief executive.

Simply leaving Bluetooth on can make a device vulnerable, Seri and Vishnepolsky noted.

Security researchers have discovered eight vulnerabilities - codenamed collectively as BlueBorne - in the Bluetooth implementations used by over 5.3 billion devices. Alongside that, any Linux device running BlueZ or version 3.3-rc1 are affected.

Mr Miller said people could fly to other countries, unknowingly travelling with their infected phone. The attack essentially takes advantage of how Bluetooth uses tethering to share data and is able to spread through "improper validation". No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device.

The vulnerability in the case of iOS devices is limited to iOS 9.3.5 and lower versions.

The patch issued by Google was sent to device manufacturers a month ago, but with a variety of Android partners, this means the delivery time of the patch could be different for people depending on the handset or device they now use.

Otras noticias

Tendencias Ahora

Thousands without power in coastal Georgia from severe storm
Heavy rain and strong winds caused flooding along the coast, downed power lines and sent trees crashing onto homes. Scott told the CBS programme that Irma's storm surge could be even more deadly than its 130mph (209kmh) winds.

Donald Trump is likely to visit China in November, says USA official
North Korea has faced growing condemnation from around the world following its sixth and largest nuclear test this month. The new United Nations sanctions are an attempt to starve the country of fuel and income for its weapons programmes.

Chris Johnson officially re-signs with Cardinals
With a shocking blowout victory over the Indianapolis Colts , the Rams went from No. 24 to No. 19 for a five-spot jump. For the most part, nearly none of the takeaways for the Cardinals in this horrendous loss are any good.

Samsung Galaxy Note 8 Gets 250000 Pre-registrations In India
Well, in case of the Galaxy Note 8 , you can capture the whole document in single screenshot using the Scroll Capture. The company's V30 strategic smartphones in the second half will determine the fate of its smartphone business.

A Tale of Two Streaks — Indians and Dodgers
Success! An email has been sent with a link to confirm list signup. "We wanted to stop the bleeding", Jansen said after the game. Delino DeShields, who was 2-for-4 with two runs scored, also had a solo home run to help make a winner out of Cole Hamels (10-3).

United Nations passes fresh sanctions on North Korea
Washington has led the global drive to punish the rogue state after it detonated a nuclear device earlier this month. President Trump gets it: He said the sanctions are only a very small step compared to what "will have to happen".

The area faced off against Irma and its Category 2 winds
Florida Governor Rick Scott said on Twitter he was joining members of the U.S. And in Palm Bay, there were just a dozen options for gas throughout the city.

Hurricane Irma Hits Florida as Cat 4; Path Further West Than Expected
A tropical storm warning was issued for the first time ever in Atlanta, where many schools canceled classes because of the storm . Augustine Fire Chief Carlos Aviles. "It's disgusting , what we saw", he said following an aerial tour of the region on Monday.

Irma makes second landfall in Marco Island, Florida as category 3 hurricane
The massive storm was one of the main news topics over the past week, causing enormous damage across the Caribbean and Florida. The storm is expected to further weaken as it moves through Columbus and then northwest through Alabama and into Tennessee.

'Edie Windsor is a legend,' reaction to the death of Edith Windsor
She had been engaged to her brother's friend Saul Windsor and married him later after falling in love with a female classmate. Thea was "playing the field" when she met Edie at the restaurant but life comes at you fast, doesn't it? Ms.