Slashdot Mirror


Patched MS Bluetooth Flaw Exposes Even Disconnected PCs

An anonymous reader writes "Among the 22 security holes Microsoft issued updates to fix yesterday is a critical kernel-level Bluetooth flaw that could let nearby attackers break into vulnerable systems even when the targeted computer is not connected to a network. An attacker could use the bug to gain access to any unpatched, Bluetooth-enabled Windows Vista or Win7 computer within 100 meters (or much further with specialized tools), all before the target system even gets an alert that another computer is requesting a Bluetooth connection."

5 of 147 comments

  1. Re:XP by kevinmenzel · · Score: 5, Informative

    Because 7 has features XP doesn't. Like support for the TRIM command for SSDs. Like an audio mixer that lets you set different volumes for each application, instead of each hardware output, which is floating point from the ground up. Like desktop rendering that is accelerated by your GPU. Like UAC. Like Aero Snap. Etc. It's not like Windows 7 is just a facelift on Windows XP. There are differences that aren't even hard to find.

  2. Re:Confusing by ledow · · Score: 3, Informative

    But considering that leads to a complete OS compromise, that's pretty poor coding.

    You literally only have to turn it on for a second and someone can root you without you knowing. You only have to witness someone pair with a device, or do a single Bluetooth transfer and you can root them. And what are the implications for embedded versions of Windows in, say, phones?

    A lot of people use Bluetooth, it's expected to be quite secure in terms of not rooting your computer (people being able to monitor and sniff your Bluetooth data is a different class of problem entirely, and puny in comparison). And like the article says - you probably have the faulty software installed already and only a single tap of that Bluetooth switch will make you vulnerable to automatic rooting, like a virus.

    A virus that exploits this will potentially go quickly global and be hard to cleanse because you literally may not even notice that you've been infected and switching on Bluetooth for a split second to send a file to your phone, answer your parent's Skype on a headset, etc. isn't generally considered an infection route.

    I agree in that I have BT turned off on everything I own and set to hidden by default but it would be scary if I were using one of the vulnerable systems. That's the sort of thing that will still be catching people out five years from now and it's probably only the first of many such problems. Now before you can put a PC on the net, you need to make sure you've never enabled Bluetooth while Windows was executing until you've got it to the latest patch level.

  3. Re:Confusing by Anonymous Coward · · Score: 2, Informative

    So basically computers at risk are those who always leave bluetooth on and shown to everyone. Which unless you're trying to connect to a new device should be NEVER.

    Or you have a bluetooth mouse/keyboard.
    None of the advisories say anything about being in "discoverable" mode.

  4. Re:Confusing by mogness · · Score: 3, Informative

    No need to worry. Reports around the web are contradictory to this article, all say it's extremely unlikely that an attacker could gain access to your machine using this vulnerability. You're more likely to get blue-screened.

    http://blogs.technet.com/b/srd/archive/2011/07/12/ms11-053-vulnerability-in-the-bluetooth-stack-could-allow-remote-code-execution.aspx
    https://threatpost.com/en_us/blogs/microsoft-fixes-critical-windows-bluetooth-bug-july-patch-tuesday-071211

    What's more, you'd have to be sharing your bluetooth id AND the attacker would have to be within range of your signal.

    --
    that's teh shizzle bizzle

  5. Re:Confusing by TheRaven64 · · Score: 3, Informative

    Absolutely! Needing to activate bluetooth every time you want to use it removes a lot of its use. Some of the things that I've done with Bluetooth:
    • Tie the 'device enter range' notification to a script that checks whether the device has been sync'd in the last day, and if not runs the sync program.
    • Configure my laptop to lock its screen when I walk away from it carrying my phone ('phone exits range' notification triggering screen saver).
    • Send vcards from my phone address book to another person's phone, or from their phone to my phone or laptop.
    • Send pictures from my phone to my laptop.
    • Control presentations from my phone.
    • Use wireless keyboards and mice with my laptop.

    Why would I want to have an extra enable step before doing each of these and a disable step after?

    --
    I am TheRaven on Soylent News