Power By Dholu Production

Responsive Ads Here

Wednesday, September 20, 2017

BlueBorne: Critical Bluetooth Vulnerability Puts More Than 5 Billions of Devices at Risk of Hacking | Hacking News

If you are having Bluetooth enabled devices then you are vulnerable to BlueBorne attack. Be it a all the Bluetooth devices mobile, desktop, any IoT devices And OS including Android, iOS, Windows, and Linux are vulnerable.

BlueBorne Explained, Android Take Over Demo, Windows MiTM Demo, Linux Smartwatch Take Over Demo. All this term I am including videos at end of this post. you can watch the videos.

BlueBorne
BlueBorne


Using these vulnerabilities, security researchers at IoT security firm Armis have devised an attack, dubbed BlueBorne, which could allow attackers to completely take over Bluetooth-enabled devices, spread malware, or even establish a "man-in-the-middle" connection to gain access to devices critical data and networks without requiring any interaction from victime side.

Ben Seri, head of research team at Armis Labs, claims that during an experiment in the lab, his team was able to create a botnet network and install ransomware using the BlueBorne attack.

Security Experts from Armis Labs has identified 8 vulnerabilities. which can be the part of the attack vector and they published a Whitepaper.

1. Linux kernel RCE vulnerability – CVE-2017-1000251
2. Linux Bluetooth stack (BlueZ) information Leak vulnerability – CVE-2017-1000250
3. Android information Leak vulnerability – CVE-2017-0785
4. Android RCE vulnerability #1 – CVE-2017-0781
5. Android RCE vulnerability #2 – CVE-2017-0782
6. The Bluetooth Pineapple in Android – Logical Flaw CVE-2017-0783
7. The Bluetooth Pineapple in Windows – Logical Flaw CVE-2017-8628
8. Apple Low Energy Audio Protocol RCE vulnerability – CVE-2017-14315

Google and Microsoft have already made security patches available to their customers, while Apple iOS devices running the most recent version of its mobile operating system (that is 10.x) are safe.

What's worst? 

The worst part of the attacks is that user not required to be paired with attackers device and later not required to Authorize the connection means without any interaction from victime side.

All iOS devices with 9.3.5 or older versions and over 1.1 Billion active Android devices running older than Marshmallow (6.x) are vulnerable to the BlueBorne attack.

Android users need to wait for security patches for their devices, as it depends on your device manufacturers.

How To Check My Devices Under BlueBorne Attack? / How To Secure My Devices ? click here