Posted on 09/14/2017 1:24:17 PM PDT by Swordmaker
Security firm says 'BlueBorne' is only a risk if your device isn't updated
A recent report warned of a possible attack based on vulnerabilities found in Bluetooth, but Google, Microsoft, and Apple already addressed the issue.
Bluetooth was originally created in 1998 to serve as a secure short-range wireless connection between two devices. It pairs our wireless mice to our laptops, our smartwatches to our smartphones, and so on. But a recent report published by security firm Armis points to eight Bluetooth-related vulnerabilities — four of which are critical — that reside on more than 5 billion Android, Windows, Linux, and pre-iOS 10 devices. The company dubs this “epidemic” BlueBorne.
“These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date,” Armis said on September 12. “Previously identified flaws found in Bluetooth were primarily at the protocol level. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device.”
The problem starts with the complexity of Bluetooth itself. The specification stretches across 2,822 pages, which is massive compared to the base Wi-Fi specification (802.11), which consists of only 450 pages. Because of its complexity, Bluetooth does not receive the same scrutinized audits as other less-complicated protocols. That means vulnerabilities get buried as Bluetooth evolves.
Many issues prior to Bluetooth v2.1 were resolved with the introduction of Secure Simple Pairing, thus the security community shifted its attention away from Bluetooth. But a thorough inspection still needed to be performed and Armis says that its discovery of eight vulnerabilities in a recent analysis of Bluetooth could very well be “the tip of the iceberg.”
Overall, the BlueBorne set of vulnerabilities can enable a hacker to take control of a device, access its content, and use it to infect other Bluetooth-enabled devices with malware. Outside the actual vulnerabilities, the root of the issue stems from keeping Bluetooth turned on. A device will listen for Bluetooth traffic even if it is not set to discoverable mode, so all a hacker needs to know is its Bluetooth device address (BDADDR), and its MAC address.
But how do you get this information? By using open-source hardware sold online that can sniff out encrypted Bluetooth connections passing through the air. These packets of information contain plain text data pointing to the Bluetooth device address. Hackers can then use that address to send unicast traffic if they are within physical proximity of the target device: 33 feet for mobile phones and headsets, and 328 feet for laptops and desktops.
“If the device generates no Bluetooth traffic, and is only listening, it is still possible to ‘guess’ the BDADDR, by sniffing its Wi-Fi traffic,” the firm explains. “This is viable since Wi-Fi MAC addresses appear unencrypted over the air, and due to the MACs of internal Bluetooth/Wi-Fi adapters are either the same, or only differ in the last digit.”
But according to Mike Weber of cyber risk management service provider Coalfire, there is no need to panic. There are no known instances of hackers taking advantage of the vulnerabilities. Even more, creating malware to possibly attack a multitude of devices spanning Windows, iOS, and Linux in a single sweep would be extremely difficult. The discovery of the vulnerabilities only points to possibilities, not an actual attack in the wild.
“If you are on a device that is no longer supported, cannot be updated, or has not yet received a patch from a vendor, it is recommended to keep Bluetooth on the device turned off except when necessary,” Weber suggests.
Microsoft produced a patch for Windows on September 12, 2017. Apple nuked the vulnerabilities on its products with the release of iOS 10, but all devices running iOS 9.3.5 and older are still vulnerable. Google patched the issues on Android 6.0 (Marshmallow) and Android 7.0 (Nougat) on August 7, 2017, but if you’re still worried about BlueBorne, Armis Security provides an app on the Google Play Store.
Updated: Now reflects new information provided by Coalfire.
To be vulnerable you have to leave Bluetooth on all the time, which eats up your battery.
Famous last words!
As some of us pointed out on another thread on this topic, keep bluetooth turned off when not using it (which is what most people do anyway for the exact reason you cited above) and one doesn't have to be concerned with this vulnerability.
It's a big nothingburger, IMO.
Most people leave Bluetooth _on_ all the time, because they’re not thinking about the technical nuances of marginal power consumption - instead they’d rather just leave it on for convenience.
The only Bluetooth disabling I do is ensuring the car’s stereo doesn’t try to connect to my phone. Having a conference call switch mics to the sound of momma yelling at the kids when she starts the car is...undesirable.
Pinging dayglored, ThunderSleeps, and ShadowAce for updates.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
The only bigger consumer of a cellphone's battery is the Facebook application. Trust me. People know what eats up their cellphone battery and they turn that crap off as much as possible.
Thanks to Swordmaker for the ping!!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.