Welcome to WebmasterWorld Guest from 54.227.6.156

Forum Moderators: open

BlueBorne

IoT Attack Vector

     
11:31 pm on Sep 12, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10388
votes: 597


Security research firm Armis* [armis.com] has disclosed eight new Bluetooth vulnerabilities it collectively calls "Blueborne" that take less than 10 seconds to penetrate and take over device with Bluetooth switched on, without the user having to connect to a compromised device or take any other action.
[boingboing.net...]

*BlueBorne is a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them... The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode.
[armis.com...]

In the last hour, I've shut down all my Bluetooth devices at my studio removing most devices from the property until this is resolved.
11:54 pm on Sept 12, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
posts:5721
votes: 99


Would've been cooler if they called it BlueBourne.

But then again, there might be copyright issues...
9:53 pm on Sept 18, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10388
votes: 597


I have not read where any fix has been made.

In my industry, this is significant. We use Bluetooth a lot and this vulnerability potentially gives access to our clients sensitive information.
8:03 am on Sept 19, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24931
votes: 644


I've always had the habit of turning off bluetooth if it's on by default. If i want to use it, I then turn it on, and then off again when done.

The patches to the operating systems seem slow to be released, but in many instances, have been released. I'm not sure how consumers will be able to update some of the devices. The main players, such as Microsoft, Google, Apple, Linux, appear to have issued patches, however, I know someone with bluetooth in their TV and soundbar, and I don't think there's a way for them to check.
10:52 am on Sept 23, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10388
votes: 597


I have playback devices with Bluetooth 3.0 made by Onkyo I that isn't WiFi connected to get an update. Still waiting for a response from them.

I have 2 Sanyo TVs and both have received OS updates in the last couple weeks, so I assume the bug has been fixed.

My MS devices I wasn't worried about. MS is always quick with security.

I've always had the habit of turning off bluetooth if it's on by default
As do I but it seems this bug didn't need anything to be active or connected to allow the perp access.

Still not sure about my Google Home or my Chrome sticks & outlet connectors.
4:34 pm on Sept 23, 2017 (gmt 0)

Junior Member from US 

5+ Year Member

joined:Dec 23, 2008
posts:153
votes: 4


sigh... My new hearing aids are "BlueTooth-enabled".
I'm sure the spammers are salivating at the opportunity
to drive spam direct to my ear drums...
5:25 pm on Sept 23, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:14370
votes: 565


Do I even use Bluetooth? I thought all my devices had died, one by one, to be replaced with non-bluetooth variants.

Oh, right, there's my original Apple mouse, which I use only as a remote control when watching movies on the computer. So when I'm in that top menu bar adjusting the System sound, I can concurrently turn Bluetooth on--and then turn it off again when the movie is done.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members