BlueBorne is a type of security vulnerability with Bluetooth implementations in Android, iOS, Linux and Windows. It affects many electronic devices such as laptops, smart cars, smartphones and wearable gadgets. One example is . The vulnerabilities were first reported by Armis, an IoT security firm, on 12 September 2017.
According to Armis, "The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today [2017]."
History
The BlueBorne security vulnerabilities were first reported by Armis, an IoT security firm, on 12 September 2017.
Technical Information
The BlueBorne vulnerabilities are a set of 8 separate vulnerabilities. They can be broken down into groups based upon platform and type. There were vulnerabilities found in the Bluetooth code of the Android, iOS, Linux and Windows platforms:
* Linux kernel RCE vulnerability - CVE-2017-1000251
* Linux Bluetooth stack (BlueZ) information leak vulnerability - CVE-2017-1000250
* Android information leak vulnerability - CVE-2017-0785
* Android RCE vulnerability #1 - CVE-2017-0781
* Android RCE vulnerability #2 - CVE-2017-0782
* The Bluetooth Pineapple in Android (logical flaw) - CVE-2017-0783
* The Bluetooth Pineapple in Windows (logical flaw) - CVE-2017-8628
* Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315
The vulnerabilities are a mixture of information leak vulnerabilities, remote code execution vulnerabilities and logical flaw vulnerabilities. The Apple iOS vulnerability was a remote code execution vulnerability due to the implementation of LEAP (Low Energy Audio Protocol). This vulnerability was only present in older versions of Apple iOS.
Impact
In 2017, BlueBorne was estimated to potentially affect all of the 8.2 billion Bluetooth devices worldwide, although they clarify that 5.3 billion Bluetooth devices are at risk. Many devices are affected, including laptops, smart cars, smartphones and wearable gadgets.
In 2018, one year after the original disclosure, Armis estimated that over 2 billion devices were still vulnerable.
Mitigation
Google provides a BlueBorne vulnerability scanner from Armis for Android.
Procedures to help protect devices from the BlueBorne security vulnerabilities were reported by September 2017.