Slashdot Mirror


BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BlueBorne flaws, nor does the attacker need to pair with a target device. They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore, the vulnerabilities can be concocted into a self-spreading BlueTooth worm that could wreak havoc inside a company's network or even across the world. "These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email. "Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device." Consumers are recommended to disable Bluetooth unless you need to use it, but then turn it off immediately. When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely. The BlueBorne Android App on the Google Play Store will be able to determine if a user's Android device is vulnerable. A technical report on the BlueBorne flaws is available here (PDF).

4 of 121 comments

  1. Bluetooth now useless for many Android devices by Anonymous Coward · · Score: 2, Informative

    I'd like to think these vulnerabilities will be fixed, but many Android devices don't get updates in a timely manner if at all. Must Bluetooth be permanently disabled on many of those devices?

  2. Mainstream linux has it patched already by deviated_prevert · · Score: 5, Informative

    Redhat had it covered first. Debian now has it patched. I would imagine that MS Server, Win7 and Win10 might not be too far behind considering that the real danger of this exploit is access to corporate networks that use bluetooth devices. Fortunately most thin clients do not have bluetooth built in, otherwise this could become another update nightmare for MS admins. Either way I don't think this will affect the Microsoft server users too much. What I do foresee is a rapid removal of bluetooth mice and a server side disabling of the usb bluetooth stack happening in major business until Microsoft patches the windows bluetooth stack.

    --
    This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
  3. Re:Does one really need the BlueBorne app? by Trax3001BBS · · Score: 5, Informative

    Looks like the vulnerabilities that impact Android are in the BlueZ bluetooth stack.
    Nothing to do with the MAC address of your Bluetooth/Wifi, or if Bluetooth and WiFi are contained in the same piece of hardware (I doubt any phone has a separate Bluetooth chip anyway; it would require a separate bluetooth antenna, cost more and take up more space).

    From the PDF in the summary:
    "If the device generates no Bluetooth traffic, and is only listening, it is still possible to "guess" the BDADDR, by sniffing its WiFi traffic. This is viable since WiFi MAC addresses appear unencrypted over the air and due to the widely accepted norm of OEMs and hardware manufacturers that the MACs of internal Bluetooth/WiFi adapters are either the same, or only differ in the last digit (one being +1 of the other)"

  4. the actual problem is : a buffer overflow... by johnjones · · Score: 4, Informative

    so yes, it's basically like wifi, cables are reliable

    there is a buffer overflow in some versions of windows/linux/iOS

    this has been patched in recent versions of all the OSes
    it's not a replicating worm per se unless you count all the people who have downloaded an "app" to check if they are vulnerable...

    the videos and documentation on their website give absolutely no details and are completely pointless, this is what happens when you let a media company deal with a buffer overflow

    Actual information :

    Background Information
    The Logical Link Control and Adaptation Layer Protocol (L2CAP) works at the data link layer in the Bluetooth stack. It provides services such as connection multiplexing, segmentation and reassembly of packets for upper layer protocols such as Bluetooth. It facilitates higher level protocols to transmit and receive L2CAP data packets to and from clients.

    A stack buffer overflow issue was found in various systems' Bluetooth subsystem processing the pending configuration packets received from a client. As a result, a client could send arbitrary L2CAP configuration parameters which were stored in a stack buffer object. These parameters could exceed the buffer length, overwriting the adjacent kernel stack contents. This exchange occurs, prior to any authentication, when establishing a Bluetooth connection. An unauthenticated user, who is able to connect to a system via Bluetooth, could use this flaw to crash the system or potentially execute arbitrary code on the system if not secured correctly. If the Linux kernel stack protection feature (CONFIG_CC_STACKPROTECTOR=y) is on, then you're not going to be vulnerable.

    Not impressed with the press release at all I'm afraid

    It does show which vendors of equipment pay attention, develop patches and deserve respect

    Regards

    John Jones
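The bug class johnjones describes above (option values from a pre-authentication L2CAP configuration packet copied into a fixed stack buffer, bounded only by the sender's length fields) is easiest to understand as a before/after pair. The following is an added illustration written for this page; it is not code from the post, from BlueZ, or from any real Bluetooth stack. The option format (1-byte type, 1-byte length, value) and the 32-byte buffer size are constructed assumptions that mirror the shape of the problem, not the actual kernel layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed option layout: type (1 byte) | len (1 byte) | value (len bytes).
 * Real L2CAP configuration options use a similar TLV shape, but nothing
 * here is the layout or buffer size of any real stack. */

#define OPT_BUF_LEN 32          /* assumed fixed-size stack buffer */

enum { PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* "Before": the pattern behind the bug in the comment. Option values are
 * appended to a fixed stack buffer and the only bound is the attacker-
 * controlled length byte; sizeof(buf) is never consulted. On an input
 * whose options total more than OPT_BUF_LEN bytes this overruns buf.
 * Kept only as the contrast; never use this shape. */
static int parse_options_unchecked(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t buf[OPT_BUF_LEN];
    size_t used = 0, off = 0;

    while (off + 2 <= pkt_len) {
        uint8_t len = pkt[off + 1];
        if (off + 2 + len > pkt_len)
            return PARSE_TRUNCATED;             /* checks the packet, not buf */
        memcpy(buf + used, pkt + off + 2, len); /* BUG: used + len may exceed OPT_BUF_LEN */
        used += len;
        off += 2 + (size_t)len;
    }
    return (int)used;
}

/* "After": the same parser with the destination bound enforced before any
 * copy. The caller passes the buffer and its real size; an option that
 * would not fit is rejected instead of written. */
static int parse_options_checked(const uint8_t *pkt, size_t pkt_len,
                                 uint8_t *out, size_t out_len)
{
    size_t used = 0, off = 0;

    while (off + 2 <= pkt_len) {
        uint8_t len = pkt[off + 1];
        if (off + 2 + len > pkt_len)
            return PARSE_TRUNCATED;             /* value runs past the packet */
        if (len > out_len - used)               /* used <= out_len always holds */
            return PARSE_TOO_LONG;              /* value would run past the buffer */
        memcpy(out + used, pkt + off + 2, len);
        used += len;
        off += 2 + (size_t)len;
    }
    if (off != pkt_len)
        return PARSE_TRUNCATED;                 /* dangling header byte */
    return (int)used;
}

/* Constructed sample: two well-formed options carrying 6 value bytes. */
static const uint8_t benign_pkt[] = {
    0x01, 0x02, 0xAA, 0xBB,
    0x02, 0x04, 0x11, 0x22, 0x33, 0x44
};

/* Constructed sample: one option whose 64-byte value cannot fit in a
 * 32-byte buffer. Only the checked parser is ever run on it. */
static int check_oversized(void)
{
    uint8_t pkt[2 + 64];
    uint8_t out[OPT_BUF_LEN];
    pkt[0] = 0x01;
    pkt[1] = 64;
    memset(pkt + 2, 0x10, 64);
    return parse_options_checked(pkt, sizeof pkt, out, sizeof out);
}

static int check_benign(void)
{
    uint8_t out[OPT_BUF_LEN];
    return parse_options_checked(benign_pkt, sizeof benign_pkt, out, sizeof out);
}

/* Constructed sample: length byte claims 5 bytes but only 1 follows. */
static int check_truncated(void)
{
    const uint8_t pkt[] = { 0x01, 0x05, 0xAA };
    uint8_t out[OPT_BUF_LEN];
    return parse_options_checked(pkt, sizeof pkt, out, sizeof out);
}

/* The unchecked parser behaves identically on input that fits; the
 * difference only appears on oversized input, which is not fed to it. */
static int unchecked_benign(void)
{
    return parse_options_unchecked(benign_pkt, sizeof benign_pkt);
}

int main(void)
{
    printf("checked, benign    : %d\n", check_benign());     /* 6 */
    printf("checked, oversized : %d\n", check_oversized());  /* -2 */
    printf("checked, truncated : %d\n", check_truncated());  /* -1 */
    printf("unchecked, benign  : %d\n", unchecked_benign()); /* 6 */
    return 0;
}
```

The relevant point for the CONFIG_CC_STACKPROTECTOR remark in the comment: a stack canary detects the overwrite after it has happened and turns it into a kernel panic, so it changes the outcome from potential code execution to a crash; the `len > out_len - used` check in the second parser is the fix itself, because the oversized value is refused before anything is written.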