BlueBorne

BlueBorne is a type of security vulnerability with Bluetooth implementations in Android, iOS, Linux and Windows. It affects many electronic devices such as laptops, smart cars, smartphones and wearable gadgets. One example is . The vulnerabilities were first reported by Armis, an IoT security firm, on 12 September 2017. According to Armis, "The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today [2017]".


History

The BlueBorne security vulnerabilities were first reported by Armis, an IoT security firm, on 12 September 2017.


Technical Information

The BlueBorne vulnerabilities are a set of 8 separate vulnerabilities. They can be broken down into groups based upon platform and type. There were vulnerabilities found in the Bluetooth code of the Android, iOS, Linux and Windows platforms:

* Linux kernel RCE vulnerability - CVE-2017-1000251
* Linux Bluetooth stack (BlueZ) information leak vulnerability - CVE-2017-1000250
* Android information leak vulnerability - CVE-2017-0785
* Android RCE vulnerability #1 - CVE-2017-0781
* Android RCE vulnerability #2 - CVE-2017-0782
* The Bluetooth Pineapple in Android - Logical Flaw - CVE-2017-0783
* The Bluetooth Pineapple in Windows - Logical Flaw - CVE-2017-8628
* Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315

The vulnerabilities are a mixture of information leak, remote code execution and logical flaw vulnerabilities. The Apple iOS vulnerability was a remote code execution vulnerability due to the implementation of LEAP (Low Energy Audio Protocol). This vulnerability was only present in older versions of Apple iOS.


Impact

In 2017, BlueBorne was estimated to potentially affect all of the 8.2 billion Bluetooth devices worldwide, although they clarify that 5.3 billion Bluetooth devices are at risk. Many devices are affected, including laptops, smart cars, smartphones and wearable gadgets. In 2018, one year after the original disclosure, Armis estimated that over 2 billion devices were still vulnerable.


Mitigation

Google provides a BlueBorne vulnerability scanner from Armis for Android. Procedures to help protect devices from the BlueBorne security vulnerabilities were reported by September 2017.

