• Categories
    Category
  • Categories
    Category
  • News
  • Tutorials
  • Forums
  • Tags
  • Users
News Comments FAQ Related Articles

BlueBorne attacks billions of devices, every device is vulnerable

3202

blue

Every device contains bluetooth and those running on Android, iOS, Windows and even Linux is vulnerable to the new set of wireless vulnerabilities in Bluetooth settings called as BlueBorne.

A security company name Armis is the first one to find out all eight separate Bluetooth wireless protocol flaws. The Blueborne requires only a Bluetooth connection with the attacking device or even be in the discovery mode.

Armis CEO Yevgeny Dibrov explained: " These silent attacks are invisible to traditional security controls and procedures. Companies don' t monitor these types of device-to-device connections in their environment, so they can' t see these attacks or stop them."

Red Hat has classifies three out of eight vulnerabilities as critical. The compromised devices can be further used to attack nearby system over any segregated or air-gapped devices. These flaws impact almost 5.3 billion devices in all platforms.

Michael Parker, VP of marketing at Armis, used the WannaCry ransomware attack as an example. " You had WannaCry. Now imagine WannaCry ' Blue,' " said Parker. " It is ransomware that is spread through Bluetooth...It can spread from device to device, unnoticed by current security measures, locking down smartphones, desktops, laptops, and it can' t be stopped by traditional methods."

On Linux servers and desktops, it can attack via Logical Link Control and Adaptation Layer Protocol (L2CAP) at data link layer. This may affect only the Bluetooth hardware, not the Linux kernel with stack protection that will help stop the stack buffer overflow from leading to remote code execution.

Due to early detection of the flaws, Armis researchers warned Apple, Google, Linux and Microsoft corporation to immediately set a patch against this vulnerability.

The list of eight vulnerabilities are as follows:

  • Android information leak vulnerability &ndash CVE-2017-0785
  • Android RCE vulnerability #1 &ndash CVE-2017-0781
  • Android RCE vulnerability #2 &ndash CVE-2017-0782
  • The Bluetooth Pineapple in Android &ndash Logical Flaw CVE-2017-0783
  • Linux kernel RCE vulnerability &ndash CVE-2017-1000251
  • Linux Bluetooth stack (BlueZ) information Leak vulnerability &ndash CVE-2017-1000250
  • The Bluetooth Pineapple in Windows &ndash Logical Flaw CVE-2017-8628
  • Apple Low Energy Audio Protocol RCE vulnerability (no designated CVE number yet)

While the fixes are being done in every platform, do your own steps to protect against this threat- disable Bluetooth on all your devices.

Tags:
ethan
Author: 

Comments ( 0 )

No comments available

Add a comment

Frequently asked questions ( 5 )

Q

What are BlueBorne attacks?

A

Every device contains Bluetooth and those running on Android, iOS, Windows and even Linux is vulnerable to the new set of wireless vulnerabilities in Bluetooth settings called as BlueBorne.

Q

How many vulnerabilities can affect Linux?

A

Red Hat has classified three out of eight vulnerabilities as critical. The compromised devices can be further used to attack nearby system over any segregated or air-gapped devices.

Q

What attack will happen by BlueBorne on Linux servers?

A

On Linux servers and desktops, it can attack via Logical Link Control and Adaptation Layer Protocol (L2CAP) at data link layer. This may affect only the Bluetooth hardware, not the Linux kernel with stack protection that will help stop the stack buffer overflow from leading to remote code execution.

Q

Who found out the answers dor Bluetooth flaws?

A

A security company name Armis is the first one to find out all eight separate Bluetooth wireless protocol flaws. The Blueborne requires only a Bluetooth connection with the attacking device or even be in the discovery mode.

Q

What will happen actually in BlueBorne?

A

These silent attacks are invisible to traditional security controls and procedures. Companies don' t monitor these types of device-to-device connections in their environment, so they can' t see these attacks or stop them.

Related Tutorials in BlueBorne attacks billions of devices, every device is vulnerable

Related Tutorials in BlueBorne attacks billions of devices, every device is vulnerable

How to install Xrdp Server (Remote Desktop) on Oracle Linux 8.5
How to install Xrdp Server (Remote Desktop) on Oracle Linux 8.5
Oct 17, 2022
How to install and update OpenSSL on Debian 11.3
How to install and update OpenSSL on Debian 11.3
Oct 21, 2022
How to Install and Configure Mega in Linux
How to Install and Configure Mega in Linux
Jul 19, 2016
How to use Aureport command on Linux
How to use Aureport command on Linux
Nov 28, 2017
How to install Development tools on Linux
How to install Development tools on Linux
Jun 12, 2018
How to Install mod_ssl and SSL certificate on Oracle Linux
How to Install mod_ssl and SSL certificate on Oracle Linux
Dec 30, 2021
How to install Nextcloud on Ubuntu 22.04 version
How to install Nextcloud on Ubuntu 22.04 version
Jun 23, 2023
How to install ClipGrab in Linux
How to install ClipGrab in Linux
Jul 16, 2016

Related Forums in BlueBorne attacks billions of devices, every device is vulnerable

Related Forums in BlueBorne attacks billions of devices, every device is vulnerable

Linux
jayce class=
shasum command not found
May 5, 2017
Linux
stephan class=
How to list all samba users
Jan 12, 2018
pv command
muhammad class=
pvcreate command not found error
May 9, 2017
Linux
henry class=
Starting NFS daemon: rpc.nfsd: writing fd to kernel failed: errno 111 (Connection refused)
Apr 25, 2017
ifconfig command
jackbrookes class=
what is the location of the ifconfig program on your machine?
Jan 4, 2018
Linux
baseer class=
single command to apply setfacl for multiple user at a time
Jan 23, 2018
Linux
beulah class=
What does mean by 0 0 value in fstab file
Jan 2, 2018
CentOS
mason class=
Error getting authority: Error initializing authority: Could not connect: No such file or directory (g-io-error-quark, 1)
Nov 20, 2018

Related News in BlueBorne attacks billions of devices, every device is vulnerable

Related News in BlueBorne attacks billions of devices, every device is vulnerable

Anbox, the Android-to-Linux tool the developers have been waiting for
Anbox, the Android-to-Linux tool the developers have been waiting for
Apr 17, 2017
Linus Torvalds stops signing Linux kernel RC tarballs
Linus Torvalds stops signing Linux kernel RC tarballs
May 17, 2017
Capsule8 Launches Linux-Based Container Security Platform
Capsule8 Launches Linux-Based Container Security Platform
Feb 14, 2017
Symantec updates Management console product
Symantec updates Management console product
Nov 22, 2017
Latest Linux driver release feature seven AMD Vega
Latest Linux driver release feature seven AMD Vega
Mar 23, 2017
A Newer and a Faster Window Manager for Tina (Linux Mint 19.2)
A Newer and a Faster Window Manager for Tina (Linux Mint 19.2)
Apr 9, 2019
Microsoft makes its Azure App service now available on Linux Systems
Microsoft makes its Azure App service now available on Linux Systems
Sep 7, 2017
Docker friendly Alpine Linux gets hardened Node.js
Docker friendly Alpine Linux gets hardened Node.js
Apr 19, 2017
Back To Top!
Rank
User
Points

Top Contributers

userNamenaveelansari
135850

Top Contributers

userNameayanbhatti
92510

Top Contributers

userNamehamzaahmed
32150

Top Contributers

1
userNamelinuxhelp
31040

Top Contributers

userNamemuhammadali
24500
Can you help Isaiah ?
What is the use of SUID & SGID commands

How to set the special permissions to the files and folders using SUID and SGID commands...

Networking
  • Routing
  • trunk
  • Netmask
  • Packet Capture
  • domain
  • HTTP Proxy
Server Setup
  • NFS
  • KVM
  • Memory
  • Sendmail
  • WebDAV
  • LXC
Shell Commands
  • Cloud commander
  • Command line archive tools
  • last command
  • Shell
  • terminal
  • Throttle
Desktop Application
  • Linux app
  • Pithos
  • Retrospect
  • Scribe
  • TortoiseHg
  • 4Images
Monitoring Tool
  • Monit
  • Apache Server Monitoring
  • EtherApe 
  • Arpwatch Tool
  • Auditd
  • Barman
Web Application
  • Nutch
  • Amazon VPC
  • FarmWarDeployer
  • Rukovoditel
  • Mirror site
  • Chef
Contact Us | Terms of Use| Privacy Policy| Disclaimer
© 2025 LinuxHelp.com All rights reserved. Linux™ is the registered trademark of Linus Torvalds. This site is not affiliated with linus torvalds in any way.