Slashdot Mirror


Patched MS Bluetooth Flaw Exposes Even Disconnected PCs

An anonymous reader writes "Among the 22 security holes Microsoft issued updates to fix yesterday is a critical kernel-level Bluetooth flaw that could let nearby attackers break into vulnerable systems even when the targeted computer is not connected to a network. An attacker could use the bug to gain access to any unpatched, Bluetooth-enabled Windows Vista or Win7 computer within 100 meters (or much further with specialized tools), all before the target system even gets an alert that another computer is requesting a Bluetooth connection."

23 of 147 comments

  1. Confusing by Haedrian · · Score: 4, Insightful

    "even when the targeted computer is not connected to a network."
    "target would merely need to have Bluetooth turned on."

    Meh, not as scary as I thought. You shouldn't be running around with bluetooth on anyway. Also, if you're using a 'hidden' connection, there's no real way for an attacker to find you, is there?

    So basically computers at risk are those who always leave bluetooth on and shown to everyone. Which unless you're trying to connect to a new device should be NEVER.

    1. Re:Confusing by ledow · · Score: 3, Informative

      But considering that leads to a complete OS compromise, that's pretty poor coding.

      You literally only have to turn it on for a second and someone can root you without you knowing. You only have to witness someone pair with a device, or do a single Bluetooth transfer and you can root them. And what are the implications for embedded versions of Windows in, say, phones.

      A lot of people use Bluetooth, it's expected to be quite secure in terms of not rooting your computer (people being able to monitor and sniff your Bluetooth data is a different class of problem entirely, and puny in comparison). And like the article says - you probably have the faulty software installed already and only a single tap of that Bluetooth switch will make you vulnerable to automatic rooting, like a virus.

      A virus that exploits this will potentially go quickly global and be hard to cleanse because you literally may not even notice that you've been infected and switching on Bluetooth for a split second to send a file to your phone, answer your parent's Skype on a headset, etc. isn't generally considered an infection route.

      I agree in that I have BT turned off on everything I own and set to hidden by default but it would be scary if I were using one of the vulnerable systems. That's the sort of thing that will still be catching people out five years from now and it's probably only the first of many such problems. Now before you can put a PC on the net, you need to make sure you've never enabled Bluetooth while Windows was executing until you've got it to the latest patch level.

    2. Re:Confusing by Anonymous Coward · · Score: 2, Informative

      So basically computers at risk are those who always leave bluetooth on and shown to everyone. Which unless you're trying to connect to a new device should be NEVER.

      Or you have a bluetooth mouse/keyboard.
      None of the advisories say anything about being in "discoverable" mode.

    3. Re:Confusing by c0lo · · Score: 4, Funny

      You shouldn't be running around with bluetooth on anyway.

      Meh - trying to get to the root of the problem.

      You shouldn't be running around with bluetooth on.
      You shouldn't be running around with bluetooth
      You shouldn't be running around
      You shouldn't be running
      You shouldn't be
      You shouldn't

      YOU! Ah, it is always you at fault.

      --
      Questions raise, answers kill. Raise questions to stay alive.
    4. Re:Confusing by mogness · · Score: 3, Informative

      No need to worry. Reports around the web contradict this article; all say it's extremely unlikely that an attacker could gain access to your machine using this vulnerability. You're more likely to get blue-screened.

      http://blogs.technet.com/b/srd/archive/2011/07/12/ms11-053-vulnerability-in-the-bluetooth-stack-could-allow-remote-code-execution.aspx
      https://threatpost.com/en_us/blogs/microsoft-fixes-critical-windows-bluetooth-bug-july-patch-tuesday-071211

      What's more, you'd have to be sharing your bluetooth id AND the attacker would have to be within range of your signal.

      --
      that's teh shizzle bizzle
    5. Re:Confusing by kevinmenzel · · Score: 2, Insightful

      Yeah, there are ways of protecting the user. WHICH IS WHY THEY PATCHED THE HOLE. This isn't an unpatched vulnerability. The title even notes that this vulnerability was patched. They found the hole. They patched the hole. No more hole. No more trench. No blaming the user.

      The only way a user would be vulnerable to this is if they never updated. At which point, hell yeah, blame the user.

    6. Re:Confusing by peppepz · · Score: 3, Insightful

      You shouldn't be running around with bluetooth on anyway.

      Actually, I should be able to, because it's useful.
      It's my OS that should drop any packet I'm not interested in. Machines are supposed to do the work for me, not the opposite.

    7. Re:Confusing by mcgrew · · Score: 2

      A virus that exploits this will potentially go quickly global

      That's the opposite of what TFA said. In order to gain access the target computer needs some sort of (unspecified by TFA) memory corruption. My guess is you would need another flaw in conjunction with this (paired flaws?) to make it work.

      I agree in that I have BT turned off on everything I own and set to hidden by default

      I bought a tiny bluetooth dongle for the computer so I can bluetooth pictures and such from my phone to my computer. I keep bluetooth shut off on the phone unless I'm actually transferring files, because one of the few good bits of programming on my Motorola (most of the programming is crap) makes it easy to turn bluetooth on; if you tell it to bluetooth a file it simply asks you.

      I have the computer set up with bluetooth always on and in discovery mode, but the dongle lies on top of the PC unplugged. It makes uploading files brain-dead simple. Plug the dongle in, tell the phone to upload and it uploads. Then I just unplug the dongle. My only fear is losing that tiny dongle and having to spend another twenty bucks (that's a night of drinking).

      Seems this would work with Windows, too, as long as bluetooth wasn't built into the computer.

      Linux is head and shoulders above Windows in bluetooth support. When I bought the dongle I feared it wouldn't work; there was a Windows/Mac install disk, but nothing for Linux. Turns out you don't have to install anything in Linux (in kubuntu at least) to make bluetooth work, just plug the dongle in and it's functional.

      I never could understand the "Windows is easier than Linux" argument; I've used Windows since 1995 (DOS before that) and Linux since 2003, and Windows frustrates the hell out of me. One or two clicks in Linux usually equals a dozen in Windows. Needing to install stuff to make a bluetooth dongle work is one example.

    8. Re:Confusing by TheRaven64 · · Score: 3, Informative

      Absolutely! Needing to activate bluetooth every time you want to use it removes a lot of its use. Some of the things that I've done with Bluetooth:
      • Tie the 'device enter range' notification to a script that checks whether the device has been sync'd in the last day, and if not runs the sync program.
      • Configure my laptop to lock its screen when I walk away from it carrying my phone ('phone exits range' notification triggering screen saver).
      • Send vcards from my phone address book to another person's phone, or from their phone to my phone or laptop.
      • Send pictures from my phone to my laptop.
      • Control presentations from my phone.
      • Use wireless keyboards and mice with my laptop.

      Why would I want to have an extra enable step before doing each of these and a disable step after?

      --
      I am TheRaven on Soylent News
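The first two items of that list (run a sync on a 'device enter range' notification, lock the screen on 'phone exits range') as one polling script, added here as an example and not TheRaven64's own setup. It assumes a Linux host with BlueZ's l2ping on PATH (normally run as root), xdg-screensaver for the lock, a hypothetical sync-phone command standing in for whatever sync tool is in use, and a made-up phone address; the miss counter is part of the example so that one dropped ping does not lock the screen.

```python
"""Bluetooth-proximity automation: lock the screen when a paired phone drops
out of range, and run a sync when it comes back after more than a day.
Added example (not TheRaven64's own scripts). Assumptions: BlueZ `l2ping`
on PATH (usually needs root), `xdg-screensaver` for locking, a hypothetical
`sync-phone` command; PHONE_ADDR is a constructed placeholder."""
import subprocess
import time
from dataclasses import dataclass, field
from typing import List, Optional

PHONE_ADDR = "AA:BB:CC:DD:EE:FF"   # constructed placeholder, not a real device
MISSES_BEFORE_ABSENT = 3           # hysteresis: one dropped ping must not lock the desk
SYNC_MAX_AGE_S = 24 * 3600         # "has it synced in the last day?"
ACTION_CMDS = {
    "lock": ["xdg-screensaver", "lock"],
    "sync": ["sync-phone"],        # hypothetical; substitute your own sync tool
}


def l2ping_alive(addr: str, timeout_s: int = 1) -> bool:
    """One L2CAP echo request. l2ping cannot even connect to a device that is
    out of range and exits non-zero in that case, which we treat as 'absent'."""
    try:
        proc = subprocess.run(["l2ping", "-c", "1", "-t", str(timeout_s), addr],
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except FileNotFoundError:      # no BlueZ tools installed
        return False
    return proc.returncode == 0


@dataclass
class ProximityTracker:
    """Turns a stream of ping results into enter/exit events and queued actions."""
    present: bool = False
    misses: int = 0
    last_sync: float = float("-inf")   # epoch seconds of last sync; -inf = never
    actions: List[str] = field(default_factory=list)

    def observe(self, alive: bool, now: float) -> Optional[str]:
        if alive:
            self.misses = 0
            if self.present:
                return None
            self.present = True
            if now - self.last_sync > SYNC_MAX_AGE_S:   # 'enter range' + stale sync
                self.actions.append("sync")
                self.last_sync = now
            return "enter"
        self.misses += 1
        if self.present and self.misses >= MISSES_BEFORE_ABSENT:
            self.present = False
            self.actions.append("lock")                 # 'exit range' -> lock screen
            return "exit"
        return None


def simulate(results: List[bool], period_s: float = 10.0):
    """Replay a constructed sequence of ping results; returns (events, actions)."""
    tracker = ProximityTracker()
    events = []
    for i, alive in enumerate(results):
        ev = tracker.observe(alive, i * period_s)
        if ev:
            events.append(ev)
    return events, tracker.actions


def main(poll_s: float = 10.0) -> None:
    tracker = ProximityTracker()
    while True:
        tracker.observe(l2ping_alive(PHONE_ADDR), time.time())
        while tracker.actions:
            subprocess.run(ACTION_CMDS[tracker.actions.pop(0)])
        time.sleep(poll_s)


if __name__ == "__main__":
    main()
```

Run it as a background job after the phone is paired. An echo reply only shows that a radio answering to that address is nearby, so proximity is a reasonable trigger for locking and syncing but should not be used to unlock anything.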
    9. Re:Confusing by mcgrew · · Score: 2

      This isn't an unpatched vulnerability.

      It was before they patched it, which in Vista was how long?

    10. Re:Confusing by Gaygirlie · · Score: 2

      What's more, you'd have to be sharing your bluetooth id AND the attacker would have to be within range of your signal.

      Many laptops for example share their bluetooth ID by default, and Joe User won't be aware of it or even know why it matters.

      Secondly, Internet cafes, libraries, trains, etc... all are places where people often whip out their laptops. And if you happen to be living in flats you most likely ARE within range of at least a few of your neighbours' devices. At least I often see 4-8 bluetooth devices that aren't mine, they're usually from the apartments above and below.

    11. Re:Confusing by imric · · Score: 2

      "Linux is a pile of security vulnerabilities waiting to be discovered."

      As is every OS. Apparently, ESPECIALLY Windows.

      "It's just that no one bothers, at least not on the scale that Windows "enjoys"."

      This has been debunked so many times it's ridiculous. Go on living in fairyland, though.

      --
      Paranoia is a Survival Trait!
    12. Re:Confusing by mcgrew · · Score: 2

      Let's see, one OS you have the source code to look for vulnerabilities, one you don't. I assure you that people DO look for vulns in Linux, especially those who use it for their file and web servers. The only folks looking for vulns in Windows are black hats looking for virus vectors, and white hats fighting the black hats.

      What's that saying about Many Eyes? (PDF from Wash U, "Many Eyes Hypothesis") Wait, now I remember -- Linus' Law.

      Linus's Law is a claim about software development, named in honor of Linus Torvalds and formulated by Eric S. Raymond in his essay "The Cathedral and the Bazaar".[1] The law states that "given enough eyeballs, all bugs are shallow"; or more formally: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone." Presenting the code to multiple developers with the purpose of reaching consensus about its acceptance is a simple form of software reviewing. Researchers and practitioners have repeatedly shown the effectiveness of the reviewing process in finding bugs and security issues,[2] and also that reviews may be more efficient than testing.

      In Facts and Fallacies about Software Engineering, Robert Glass refers to Linus' Law as a "mantra" of the Open source movement, but calls it a fallacy, stating that research has found that the number of bugs found decreases with too many inspectors, and that no research supports the Law as stated.[3] Interestingly, closed-source practitioners tacitly support the law's notion, by promoting stringent, independent code analysis during a software project's development.[4][5]

    13. Re:Confusing by PNutts · · Score: 3, Funny

      I have never seen a laptop that did not require considerable effort to get wireless networking going.

      Did you press Submit 10 years ago? Your wireless network may need more effort as it appears you have some network latency.

  2. Re:XP by kevinmenzel · · Score: 5, Informative

    Because 7 has features XP doesn't. Like support for the TRIM command for SSDs. Like an audio mixer that lets you set different volumes for each application, instead of each hardware output, which is floating point from the ground up. Like desktop rendering that is accelerated by your GPU. Like UAC. Like Aero Snap. Etc. It's not like Windows 7 is just a facelift on Windows XP. There are differences that aren't even hard to find.

  3. Re:Consequences? by bloodhawk · · Score: 2, Insightful

    Sooooo you expect highly secure devices in military installations, cash machines, banks etc. are Bluetooth enabled and you think MS is the one that doesn't have a clue?

  4. Re:XP by kevinmenzel · · Score: 2

    Most of the public could do all that on their phone. Most of the public don't particularly "need" computers. Seriously, when the hell did "computers should only do exactly what people need them to do the day they buy them and anything else is a waste" become such a fashionable sentiment?

  5. Re:XP by anss123 · · Score: 2

    I haven't seen an application that doesn't get its own fader no matter what audio model it uses

    An app can request/get exclusive access to the audio card, and bypass everything including the volume control. But that's only used by audio authoring software.

    My favorite Win7 audio feature in any case is the ability to redirect live audio. I can now watch a movie and while it's playing switch the audio to/from my headphones painlessly (earlier I would have to restart the movie, and sometimes the whole app). I don't have headphone jacks I can easily reach, so it saves me a bit of trouble.

  6. Re:Consequences? by m50d · · Score: 2

    Merely having bluetooth-capable hardware and software should not expose you to anything. Computers should be secure by default, out-the-box, and it is not unreasonable to expect this.

    --
    I am trolling
  7. Re:XP by anss123 · · Score: 2

    Depends on what kind of audio card you have. Some support two audio streams, some do not. If you have the same Realtek chip I got then just set it to use separate audio streams for front/back panel; alternatively you can also simply have two audio cards.

    Then just right click the little speaker icon, select playback devices and change default. Any app that plays to the default playback device will then change to play to the new target.

    If you, like me, have more than one audio card there can be a lot of outputs. Outputs you never use can be disabled/hidden by right clicking on them, and audio outputs you use can be renamed. So I got one called headphones, and one called Speakers. Changing between them takes me five mouse clicks.

  8. Re:XP by SenseiLeNoir · · Score: 2

    I am assuming you mean Floating point SOUND MIXING of sound channels.

    Here are a few pages that talk about the issues in mixing two audio streams, and lead to the benefits of floating point mixing.

    http://stackoverflow.com/questions/376036/algorithm-to-mix-sound
    http://www.vttoth.com/digimix.htm

    --
    Have a nice day!
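A worked illustration of the problem those two pages discuss, added here as an example and not code from either link: two 16-bit PCM streams summed as integers either wrap around or have to be hard-clipped, whereas a float mix keeps headroom and is scaled once at the output stage. The test tones are constructed sine waves; the sample rate and amplitudes are arbitrary choices.

```python
"""Why mixing in floating point helps: two 16-bit PCM streams summed in int16
either wrap around or must be hard-clipped, while a float sum has headroom and
can be scaled once before output. Added example, not code from the linked
pages; the input signals are constructed sine waves."""
import math

INT16_MAX = 32767
INT16_MIN = -32768


def sine_int16(freq_hz, n, rate=8000, amp=0.8):
    """Constructed test tone: n samples of a sine at amp * full scale."""
    return [int(round(amp * INT16_MAX * math.sin(2 * math.pi * freq_hz * i / rate)))
            for i in range(n)]


def count_overflows(a, b):
    """Samples whose plain integer sum no longer fits in int16."""
    return sum(1 for x, y in zip(a, b) if not INT16_MIN <= x + y <= INT16_MAX)


def mix_int16_wrap(a, b):
    """What storing the raw sum back into an int16 buffer does: two's-complement
    wrap. Loud positive peaks come out as large negative values (an audible click)."""
    out = []
    for x, y in zip(a, b):
        s = (x + y) & 0xFFFF
        out.append(s - 0x10000 if s > 0x7FFF else s)
    return out


def mix_int16_clip(a, b):
    """Saturating integer mix: no wrap, but every loud passage is flattened."""
    return [max(INT16_MIN, min(INT16_MAX, x + y)) for x, y in zip(a, b)]


def mix_float(streams):
    """Sum in float (no overflow at these magnitudes), then apply one gain so the
    loudest sample just reaches full scale. A mix that already fits is untouched."""
    n = len(streams[0])
    mixed = [sum(s[i] / INT16_MAX for s in streams) for i in range(n)]
    peak = max((abs(v) for v in mixed), default=0.0)
    gain = 1.0 / peak if peak > 1.0 else 1.0
    return [int(round(v * gain * INT16_MAX)) for v in mixed]


if __name__ == "__main__":
    a = sine_int16(440, 800)
    b = sine_int16(660, 800)
    print("samples whose sum overflows int16:", count_overflows(a, b))
    print("int16 wrap  max/min:", max(mix_int16_wrap(a, b)), min(mix_int16_wrap(a, b)))
    print("int16 clip  max/min:", max(mix_int16_clip(a, b)), min(mix_int16_clip(a, b)))
    print("float mix   max/min:", max(mix_float([a, b])), min(mix_float([a, b])))
```

The scaling in mix_float is a simple peak normalisation; a real mixer would use a fixed master gain or a limiter instead, but the point is the same: the overflow never happens inside the sum, only the final conversion back to 16 bits needs care.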
  9. Re:XP by kevinmenzel · · Score: 2

    At which point you set your application to use WASAPI in exclusive mode, and get all the low latency you want. A hell of a lot lower than WDM offers in Windows XP. Or you use ASIO. Or whatever. I mean, you probably don't need low latency from EVERY application, so it's not exactly borked is it? After all, Microsoft worked with companies like Cakewalk when they were designing their new audio stack back in the Vista days. Which is why there IS low latency support in the stack, and why there are fewer audio crackles when other stuff is happening in Vista/7 when compared to XP. Besides, there is so much FUD about latency in the audio path. I have a home studio, I deal with a need for low latency all the time... and frankly starting with Windows Vista this became a heck of a lot less painful to get working than it ever was with XP. And for my non-studio stuff, frankly it's not like video and audio are noticeably out of sync on my Win7 system, and that's with onboard audio, and a CRT monitor with pretty much no latency. So there are solutions when it's important, and features when it's not.

  10. Re:XP by kevinmenzel · · Score: 2

    Whereas with Windows XP you get none of those things. And frankly, Pulseaudio tries to be Windows 7/Vista audio. Pulseaudio came out in what, 2008/2009? Whereas Vista was available in 2006, and betas were available before then...