Blueborne Bluetooth vulnerability

DarkFoss

I just spotted this at Phoronix

Link to Armis article

From the top of the Armis article:
Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spreads through the air (airborne) and attacks devices via Bluetooth.

I haven't looked at the videos yet. My Ubuntu 17.04 just had a bluez update, guessing it was timed with the release of the article. Have yet to boot over to Windows to check for the update.

Of course no patch for my Samsung phone or Smart TV. From further down the article:
Samsung – Contact on three separate occasions in April, May, and June. No response was received back from any outreach.
How shocking. :mad:
 
Armis reached out to the following actors to ensure a safe, secure, and coordinated response to the vulnerabilities identified.

Google – Contacted on April 19, 2017, after which details were shared. Released public security update and security bulletin on September 4th, 2017. Coordinated disclosure on September 12th, 2017.
Microsoft – Contacted on April 19, 2017 after which details were shared. Updates were made on July 11. Public disclosure on September 12, 2017 as part of coordinated disclosure.
Apple – Contacted on August 9, 2017. Apple had no vulnerability in its current versions.
Samsung – Contact on three separate occasions in April, May, and June. No response was received back from any outreach.
Linux – Contacted August 15 and 17, 2017. On September 5, 2017, we connected and provided the necessary information to the Linux kernel security team and to the Linux distributions security contact list and conversations followed from there. Targeting updates for on or about September 12, 2017 for coordinated disclosure.
Affected Devices

The threat posed by the vulnerabilities Armis disclosed
The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use. This means almost every computer, mobile device, smart TV or other IoT device running on one of these operating systems is endangered by at least one of the eight vulnerabilities. This covers a significant portion of all connected devices globally.

So if I'm reading this right, it's primarily unpatched Win/iOS, Samsung and possibly Linux users need to be concerned?
 
The Linux side of the vulnerability isn't so bad though, since any decent distribution ships with Stack Protection enabled so there's no remote execution possible - only denial of service (crash the Bluetooth stack).
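
A way to check the setting the post above refers to on a given Linux system (an added example, not part of the thread). It assumes the post means the kernel's compiler stack protector and that the kernel config is available as a file; the function names are made up for this example, while the option names are the kernel's own (`CONFIG_CC_STACKPROTECTOR*` on older kernels, `CONFIG_STACKPROTECTOR*` on newer ones).

```shell
#!/bin/sh
# Added example: classify the stack-protector setting in a Linux kernel config.

# Print the config text, handling gzip-compressed files such as /proc/config.gz.
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Locate the running kernel's config (common locations; may be absent).
current_config_path() {
    for p in "/boot/config-$(uname -r)" /proc/config.gz; do
        if [ -r "$p" ]; then echo "$p"; return 0; fi
    done
    echo ""
}

# stackprotector_level FILE -> prints strong | regular | none | unknown
stackprotector_level() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    text=$(read_config "$cfg" 2>/dev/null) || { echo unknown; return 0; }
    # Lines such as "# CONFIG_... is not set" start with '#', so the
    # anchored patterns below only match options that are really enabled.
    if printf '%s\n' "$text" | grep -Eq '^CONFIG_(CC_)?STACKPROTECTOR_STRONG=y$'; then
        echo strong
    elif printf '%s\n' "$text" | grep -Eq '^CONFIG_(CC_)?STACKPROTECTOR(_REGULAR)?=y$'; then
        echo regular
    else
        echo none
    fi
}

# Run as "sh script.sh --check" to inspect the running kernel.
if [ "${1:-}" = "--check" ]; then
    stackprotector_level "$(current_config_path)"
fi
```

A result of `unknown` means the config file could not be read, not that the protection is missing.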
 
Many Android phones don't get timely security patches, so it is better to turn BT off for now due to the seriousness of the vulnerability.
 
****, I depend on BT for my earpiece and car when driving so I can take emergency calls without taking my eyes off the road. :mad:

They better fix this **** fast, because I really can't turn it off without compromising my work...
 
No, the software devs that do not put proper security protections in place are the problem, not the security researchers who find and properly report the flaws.
 
iPhone, no issues. Patched Windows system, no issues.

Good luck guys!!

Same here.

The youngest instantly disabled BT and checked for updates (Samsung) and the other 2 just never think it will happen to them. :nuts:
 
Still running my BB10 dinosaur...was never vulnerable.

Not that anyone would go to the effort of hacking one of the 20 of us left on the planet with these phones...
 
I haven't read up on Blueborne too much, but a comment elsewhere had caught my eye.

Not sure if anyone else can confirm, but it seems the scope is a bit more limited than what's being circulated from media outlets.

According to the comment I read, the attack only works when your BT device is actively paired with another device and the hack only covers the permissions/types of functions inherent to the pair.

So, if you're paired for network storage, then that's bad. If you're paired for hands free communication in your car, potentially someone could listen in/redirect the audio, but they wouldn't have file access as the pair is only for audio sharing. Also, if you're moving in traffic, you'd likely be quickly out of range. Now if you're paired with your car for media, I guess there could be file access, but I'm unsure if it's read/write or not. I guess the same would go with a BT mouse pairing. Someone could take over the mouse actions, but without visually seeing your screen, it's not really useful. Just annoying.

Is this understanding of the vulnerability true?
 
I'm not sure about the needing to be paired...this is from the Armis article linked in the OP.

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode.

So, according to them, no pairing or discoverable is required.
 
Well, the way I read it - It's not paired to the attacker's device, but more like the attacker's device intercedes to the current pairing. So my reading of it was that if you're not currently and actively paired with another device, then there isn't an issue.

It sounds something like a man-in-the-middle attack. Essentially, the attacker - while not paired - somehow can interject between your main device and the device that it is currently and actively paired to. And that would subsequently limit the scope of the vulnerability to only the permissions granted by the pairing of your main device and the device it's paired to.
 
Verizon S8+ just got patched last night for this; I verified it is patched using the Armis Blueborne vulnerability scanner
 