Sunday, January 28, 2018

BlueBorne vulnerabilities: Are your Bluetooth devices safe?

Last month, research firm Armis Inc. discovered a series of Bluetooth vulnerabilities that enable remote connection to a device without the affected users noticing.

The vulnerabilities were reported on Android, Linux, Windows and iOS devices. All of these vendors were contacted to create patches for the BlueBorne vulnerabilities and worked with Armis through responsible disclosure of the exploit. The concern now is the vast number of Bluetooth devices that might not update efficiently. That, combined with the need for the Android update to reach all of its device manufacturers, will be the biggest hurdle when remediating the BlueBorne vulnerabilities.

The BlueBorne vulnerabilities enable attackers to perform remote code execution and man-in-the-middle attacks. This attack is dangerous because of the broad range of Bluetooth devices out in the wild and the ease with which an attacker can remotely connect to them and intercept traffic. With this exploit, an attacker doesn't have to be paired with the victim's device; the victim's device can be paired with something else, and it doesn't have to be set to discoverable mode. Essentially, if you are running an unpatched system on any Bluetooth device, then your vulnerability is high.

However, the affected vendors have done a good job releasing patches for the BlueBorne vulnerabilities. Microsoft patched the bug in a July release and Apple's iOS isn't affected in iOS 10. The issue is with Android, which is historically slow to patch vulnerabilities, and will have to work with its vendors to have the patch pushed down.

Likewise, the larger issue will be with all of the smart devices and internet of things devices that are installed on networks, meaning your TVs, keyboards, lightbulbs and headphones could all be vulnerable. There's probably a smaller risk of data being exposed on these devices, but they can still be used to intercept information and as a way to propagate the issue further.

Another concern with these vulnerabilities is the possibility of a worm being created, released in a crowded area and potentially spreading itself through devices in close proximity to each other. Particular exploits might not work on all phones in this case, but it could still be possible given the right code and circumstance. For example, if the worm was released in a stadium or large crowd, then it could theoretically spread if the systems haven't been properly patched.

Being able to perform code injection to take over a system or create man-in-the-middle attacks, which can be used to steal information, is extremely worrisome. These attacks happen inside the firewall, and the attacker doesn't need to join your network in order to execute them. This is essentially like a backdoor that enables attackers to compromise systems from a distance and within your network.

It is extremely important that you patch all systems if you have the capability to do so, or that you disable Bluetooth devices when they're not needed.
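
The advice above, as an added example that is not part of the original post: a POSIX shell check for Linux hosts that parses `rfkill list` output and flags any Bluetooth radio that is neither soft- nor hard-blocked. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Bluetooth radios that are still enabled on a Linux host.

# Reads `rfkill list` text on stdin and prints the device name of every
# Bluetooth radio that is neither soft- nor hard-blocked, one per line.
unblocked_bt() {
    awk '
        function emit() { if (bt && soft == "no" && hard == "no") print name }
        /^[0-9]+:/ {                      # header line, e.g. "0: hci0: Bluetooth"
            emit()                        # report the previous device, if any
            split($0, f, ": ")
            name = f[2]; bt = (f[3] == "Bluetooth"); soft = hard = ""
            next
        }
        /Soft blocked:/ { soft = $NF }
        /Hard blocked:/ { hard = $NF }
        END { emit() }
    '
}

# Exit status 0 when no Bluetooth radio is enabled, 1 otherwise.
audit_bt() {
    enabled=$(unblocked_bt)
    [ -z "$enabled" ] && return 0
    for dev in $enabled; do
        echo "bluetooth enabled: $dev (patch the host, or run: rfkill block bluetooth)"
    done
    return 1
}

# Constructed sample of `rfkill list` output, not captured from a real host.
SAMPLE='0: hci0: Bluetooth
    Soft blocked: no
    Hard blocked: no
1: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
2: hci1: Bluetooth
    Soft blocked: yes
    Hard blocked: no'

# Demo run on the sample; on a real host use: rfkill list | audit_bt
printf '%s\n' "$SAMPLE" | audit_bt || true
```

A non-zero exit status from `audit_bt` makes the check easy to wire into a configuration-management or compliance job.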
