New Bluetooth vulnerabilities expose billions of devices [source: siliconangle]
by CIRT Team
Billions of Bluetooth-enabled devices are exposed to a number of recently discovered vulnerabilities that allow a hacker to access and take control of devices, install malware and undertake other malicious activities, according to newly published research.
Discovered by security firm Armis Labs Inc. and dubbed “BlueBorne,” the vulnerability affects major mobile, desktop, and IoT operating systems, including Android, iOS, Windows and Linux. It’s spread over the air and attacks devices via an open Bluetooth connection without the need for a device to be paired.
The attack takes advantage of at least eight newly discovered vulnerabilities present in a standard Bluetooth driver installation. Once through the door, hackers can not only attack the targeted device but also use it for “man in the middle attacks,” a form of attack where the device is used to attack other devices on a network.
“The BlueBorne attack vector has several qualities which can have a devastating effect when combined,” Aramis said in a blog post. “By spreading through the air, BlueBorne targets the weakest spot in the networks’ defense – and the only one that no security measure protects. Spreading from device to device through the air also makes BlueBorne highly infectious. Moreover, since the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device.”
For more, click here.