BlueBorne – Patch It Before Compromise !!!

Home/Security Update/BlueBorne – Patch It Before Compromise !!!

BlueBorne – Patch It Before Compromise !!!

Needless Bluetooth architecture complexity exposing the BlueBorne attack on 8.2 Billion Bluetooth devices which are used world wide

Any devices which has Bluetooth functionality with the below mentioned platform are prone to attack; interestingly the payload’s also available to perform the hack in an easiest way.

Most of the IOT devices are enhanced with Always ON feature; which ranks the vulnerability as CRITICAL

Notorious point is “The attack doesn’t require the other device to be pared or doesn’t required any authentication to exploit this vulnerability on the platforms”

If the exploit is success and the hackers will gain the full access to the connected device network, through which they can infiltrate inside your network very easily to make you compromise

Platforms infected:

  • Linux kernel RCE vulnerability – CVE-2017-1000251
  • Linux Bluetooth stack (BlueZ) information Leak vulnerability – CVE-2017-1000250
  • Android information Leak vulnerability – CVE-2017-0785
  • Android RCE vulnerability #1 – CVE-2017-0781
  • Android RCE vulnerability #2 – CVE-2017-0782
  • The Bluetooth Pineapple in Android – Logical Flaw CVE-2017-0783
  • The Bluetooth Pineapple in Windows – Logical Flaw CVE-2017-8628
  • Apple Low Energy Audio Protocol RCE vulnerability – CVE-2017-14315

Post understanding the seriousness of the vulnerability RedHat Linux released the Patches today 13-Sep-17 – https://access.redhat.com/security/vulnerabilities/blueborne  – Highlighting – Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 & Red Hat Enterprise MRG 2 is vulnerable and the patches are Available

Zero day continues for Apple still but other vendors has released the patches to close the vulnerability at the earliest

S. No Vendor Patch Available ? Link
1 Linux Yes

https://access.redhat.com/security/vulnerabilities/blueborne

CVE-2017-1000251 & CVE-2017-1000250

2 Google – Android Yes

https://source.android.com/security/bulletin/2017-09-01

CVE-2017-0781, CVE-2017-0782, CVE-2017-0783 & CVE-2017-0785

3 Microsoft – Windows Yes

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628

CVE-2017-8628

 

4 Apple No

ZERO DAY

CVE-2017-0781, CVE-2017-0782, CVE-2017-0783 & CVE-2017-0785

Most of the industries think they don’t have the Bluetooth devices in their environment, but it’s time to double check their environment to identify the turned ON Bluetooth devices

Some of the important vendors similar to BlipTrack, BlueMotion they use the Bluetooth features in Airports which controls and monitors the Airport Passenger traffics

Blip Track Enhanced Airports List

 

 

 

 

 

 

 

Public Places, Transport locations, Banking Displays, Financial places, Super Markets and other crowd listed places are having default Bluetooth ON features.

It becomes system administrators act to identify such devices and turn it OFF or Patch the Updates without fail. Recent Casino attack confirms the “AI-Fish Tank” was the reason to huge Data Breach. This Blueborne can lead to more interesting hacking’s. Dont let it create and don’t be in compromised history !!!

By | 2017-09-13T15:45:39+00:00 September 13th, 2017|Security Update|

About the Author:

FirstHackersNews- Identifies Security