Security research firm Armis has disclosed eight new Bluetooth vulnerabilities it collectively calls "Blueborne." An attack using them takes less than 10 seconds to penetrate and take over a device with Bluetooth switched on, without the user having to connect to a compromised device or take any other action.
Armis reported the vulnerabilities to major vendors before going public; fully patched Windows systems and iOS devices are protected, and an Android update is being pushed today for Google phones.
GNU/Linux distributions are expected to issue patches soon; users of Android and GNU/Linux should switch off their Bluetooth until the patch arrives, because both are especially vulnerable to the attack.
Surprisingly, the majority of Linux devices on the market today don't use address space layout randomization or similar protections to lessen the damage of Blueborne's underlying buffer overflow exploit, Armis Head of Research Ben Seri said. That makes the code-execution attack on that OS "highly reliable." Android, by contrast, does use ASLR, but Armis was able to bypass the protection by exploiting a separate vulnerability in the Android implementation of Bluetooth that leaks memory locations where key processes are running. Blueborne also massages Android memory in a way that further lessens the protection offered by ASLR. The result: Blueborne can carry out remote code-execution attacks on both OSes that are both stealthy and reliable.
Armis researchers haven't confirmed that code execution is possible against Windows' unpatched Bluetooth implementation, but they were able to carry out other attacks. The most significant one allows hackers to intercept all network traffic sent to and from the targeted Windows computer and to modify that data at will. That means attackers could use Blueborne to bypass personal and corporate firewalls and exfiltrate sensitive data and possibly modify or otherwise tamper with it while it's in transit. The Android implementation is vulnerable to the same attack.
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device
General Overview [Armis]
Billions of devices imperiled by new clickless Bluetooth attack
[Dan Goodin/Ars Technica]