2017: Emergence
Researchers sound the alarm concerning eight vulnerabilities revealed in different implementations of Bluetooth: possible operation of these vulnerabilities cannot be revealed using traditional anti-virus solutions, it do not require any assistance from user side. Mentioned there are at least 5.3 billion devices, irrespective of type and the platform.[1]
Implementations of Bluetooth under Android, iOS, Windows, Linux are affected; i.e., potentially all devices, from smartphones and notebooks and to IoT-devices and smart cars appear under the threat.
The vulnerabilities integrated under the general name BlueBorne represent different degree of danger. Rub from eight the described BlueBorne are considered as critical and as experts of Armis company said, the first, allow to take control over devices and to start any code or to carry out the attacks of Man-in-the-Middle and to intercept data with Bluetooth connections.
Even worse the fact that these vulnerabilities can be used for creation of Bluetooth worm which will independently extend. It is not difficult to foresee effects of it.
There is also an option of use of these vulnerabilities for target attacks to corporate networks - to the malefactor with a malicious code on the device Bluetooth-enabled will be to come enough, for example, in bank and to be had in the range effect of Bluetooth devices that the malware provided to criminals access to banking network.
The list of indexes of vulnerabilities according to platforms:
Android:
All implementations of Bluetooth on all devices are affected, except those that use Bluetooth Low Energy. Google published a patch in the September bulletin of security Android.
Linux:
In different degree all devices released after 2011 are mentioned. Also vulnerable is a Samsung Tizen OS operating system constructed based on Linux. iOS:
All versions of iPhone, iPad, iPod touch based on iOS to version 9.3.5 are mentioned; all AppleTV devices of the version to 7.2.2, the problem is fixed in iOS 10.
Windows:
All versions after Windows Vista are mentioned, but Microsoft secretly released a patch in July. Windows Phone devices are not mentioned.
According to Armis, it is the most serious vulnerabilities in Bluetooth what only managed to be revealed ever. Information on them was provided to vendors so patches either are already ready, or also weeks will be released in the next few days.
 | Situation such is that a total failure from use of Bluetooth - not the worst idea, - Valery Tyukhmenev, the information security expert of SEC Consult Services company considers. - If there is no urgent need in use of this technology, then BlueTooth is recommended to be deactivated completely, at least, before installation of a patch. Also it is worth meaning that the old, removed from support devices (for example, smartphones) will not receive at all any patches and therefore it is better to save them from a possibility of use of Bluetooth completely. |  |
Technical specification on a problem well here[10]
Notes
- ↑ BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices
- ↑ CVE-2017-0781 CVE-2017-0781
- ↑ CVE-2017-0782 CVE-2017-0782
- ↑ CVE-2017-0783 CVE-2017-0783
- ↑ CVE-2017-0785 CVE-2017-0785
- ↑ CVE-2017-1000250 CVE-2017-1000250
- ↑ CVE-2017-1000251 CVE-2017-1000251
- ↑ CVE-2017-14315 CVE-2017-14315
- ↑ CVE-2017-8628 2017-8628
- ↑ The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |