BlueBorne (security vulnerability) explained

BlueBorne is a type of security vulnerability affecting Bluetooth implementations in Android, iOS, Linux and Windows.[1] [2] [3] It affects many electronic devices such as laptops, smart cars, smartphones and wearable gadgets. One example is . The vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017.[4] [5] [6] According to Armis, "The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today [2017]."

History

The BlueBorne security vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017.

Technical Information

The BlueBorne vulnerabilities are a set of 8 separate vulnerabilities.[7] They can be broken down into groups based upon platform and type. There were vulnerabilities found in the Bluetooth code of the Android, iOS, Linux and Windows platforms:[8]

The vulnerabilities are a mixture of information leak, remote code execution and logical flaw vulnerabilities. The Apple iOS vulnerability was a remote code execution vulnerability in the implementation of LEAP (Low Energy Audio Protocol). This vulnerability was only present in older versions of Apple iOS.[17]

Impact

In 2017, BlueBorne was estimated to potentially affect all 8.2 billion Bluetooth devices worldwide, with the clarification that 5.3 billion Bluetooth devices are at risk.[18] Many devices are affected, including laptops, smart cars, smartphones and wearable gadgets.

In 2018, one year after the original disclosure, Armis estimated that over 2 billion devices were still vulnerable.[19] [20]

Mitigation

Google provides a BlueBorne vulnerability scanner from Armis for Android.[21] Procedures to help protect devices from the BlueBorne security vulnerabilities were reported by September 2017.[22] [23] [24]

Notes and References

  1. Staff. The Attack Vector "BlueBorne" Exposes Almost Every Connected Device. 12 September 2017. Armis.com. Retrieved 5 January 2018.
  2. Staff. BlueBorne - Protecting the Enterprise from BlueBorne. 12 September 2017. Armis.com. Retrieved 5 January 2018. Archived 20 December 2017 at https://web.archive.org/web/20171220084324/http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
  3. Biggs, John. New Bluetooth vulnerability can hack a phone in 10 seconds. 12 September 2017. Retrieved 5 January 2018.
  4. Newman, Lily Hay. Hey, Turn Bluetooth Off When You're Not Using It. 13 September 2017. Retrieved 5 January 2018.
  5. Hildenbrand, Jerry. Let's talk about Blueborne, the latest Bluetooth vulnerability. 16 September 2017. AndroidCentral.com. Retrieved 5 January 2018.
  6. Kerner, Sean Michael. BlueBorne Bluetooth Flaws Put Billions of Devices at Risk. 12 September 2017. Retrieved 5 January 2018.
  7. BlueBorne Whitepaper. Archived 5 May 2020 at https://web.archive.org/web/20200505161458/https://info.armis.com/rs/645-PDC-047/images/BlueBorne%20Technical%20White%20Paper_20171130.pdf
  8. An Analysis of BlueBorne: Bluetooth Security Risks. Decipher. Retrieved 2021-07-28.
  9. NVD - CVE-2017-1000251. nvd.nist.gov. Retrieved 2021-07-28.
  10. NVD - CVE-2017-1000250. nvd.nist.gov. Retrieved 2021-07-28.
  11. NVD - CVE-2017-0785. nvd.nist.gov. Retrieved 2021-07-28.
  12. NVD - CVE-2017-0781. nvd.nist.gov. Retrieved 2021-07-28.
  13. NVD - CVE-2017-0782. nvd.nist.gov. Retrieved 2021-07-28.
  14. NVD - CVE-2017-0783. nvd.nist.gov. Retrieved 2021-07-28.
  15. NVD - CVE-2017-8628. nvd.nist.gov. Retrieved 2021-07-28.
  16. NVD - CVE-2017-14315. nvd.nist.gov. Retrieved 2021-07-28.
  17. What is BlueBorne? An Apple Device FAQ. 2017-09-22. The Mac Security Blog. Retrieved 2021-07-28.
  18. Smith, Ms. 5.3 billion devices at risk for invisible, infectious Bluetooth attack. 2017-09-12. CSO Online. Retrieved 2021-07-28.
  19. Osborne, Charlie. Two billion devices still vulnerable to Blueborne flaws a year after discovery. ZDNet. Retrieved 2021-07-28.
  20. BlueBorne: One Year Later. 2018-09-13. Armis. Retrieved 2021-07-28.
  21. Staff. BlueBorne Vulnerability Scanner by Armis - 2017. 12 September 2017. Retrieved 5 January 2018.
  22. Staff. Information on new BlueBorne security vulnerability. 15 September 2017. Retrieved 5 January 2018.
  23. Meyer, David. How to Check If You're Exposed to Those Scary BlueBorne Bluetooth Flaws. 13 September 2017. Retrieved 5 January 2018.
  24. Geiger, Erik. "BlueBorne" Exposes Millions of Bluetooth Devices. 20 September 2017. Retrieved 5 January 2018. Archived 5 January 2018 at https://web.archive.org/web/20180105233711/https://it.wisc.edu/news/blueborne-exposes-millions-bluetooth-devices/