Blueborne Security Bulletin


Overview

Armis Labs has disclosed a vulnerability that affects nearly all systems using Bluetooth. “BlueBorne” does not require the target system to be connected to a network, requires no action by the end user, and can spread to devices with Bluetooth enabled. An attacker can connect to a Bluetooth-enabled device without actively pairing and upload malware or establish a man-in-the-middle connection without the user’s knowledge. Compromised devices can then be used to distribute an infection to other devices within Bluetooth range.

Threat Intelligence

We have not seen reports of these vulnerabilities being exploited in the wild; however, Armis has demonstrated several exploits in videos.

Systems Affected

Android

All Android phones, tablets, and wearables

Examples of affected devices:

  • Google Pixel
  • Samsung Galaxy
  • LG Watch Sport
  • Pumpkin Car Audio Systems

Windows

All Windows computers since Windows Vista are affected.

Linux

All Linux devices running BlueZ and all Linux devices running version 3.3-rc1 (released in October 2011)

Examples of affected devices:

  • Samsung Gear S3 (Smartwatch)
  • Samsung Smart TVs
  • Samsung Family Hub (Smart refrigerator)

iOS

All Apple devices running iOS version <= 9.3.5 and AppleTV devices running version <= 7.2.2

Examples of affected devices:

  • iPhone (iOS 9.3.5 or lower)
  • iPad (iOS 9.3.5 or lower)
  • iPod Touch (iOS 9.3.5 or lower)
  • AppleTV (version 7.2.2 and lower)

Identified Exploits

Android
  • CVE-2017-0781 – Remote code execution
  • CVE-2017-0782 – Remote code execution
  • CVE-2017-0785 – Information leak
  • CVE-2017-0783 – Man-in-the-Middle attack
Windows
  • CVE-2017-8628 – “Bluetooth Pineapple” vulnerability allows an attacker to perform a Man-in-the-Middle attack.
Linux
  • CVE-2017-1000250 – Information leak vulnerability affecting BlueZ.
  • CVE-2017-1000251 – Remote code execution
iOS
  • CVE-2017-14315 – Remote code execution.

Patches

Android

Google issued a security patch as part of their September Security Update and Bulletin.

Windows

Microsoft is issuing security patches for all supported Windows versions on Tuesday, September 12.

Linux

Red Hat has provided a kpatch for customers running Red Hat Enterprise Linux 7.2 or greater.

iOS

Apple mitigated this vulnerability in iOS 10. We recommend you upgrade to the latest iOS or tvOS available.

Technical Summary

Armis published a whitepaper detailing the vulnerability here: http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf

Recommendations

We recommend the following actions be taken:

  • Install the latest security patches for your device as they become available.
  • If you are concerned that your device may not be patched, we recommend disabling Bluetooth, and minimizing its use until you can confirm a patch is issued and installed on your device.
  • Users of Android devices can determine if their device is vulnerable by downloading the BlueBorne Android App.*

*This is a third party application that has not been vetted by Masergy for safety or effectiveness. Use at your own discretion.
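The affected-version criteria and the interim recommendation above can be applied to a device inventory with a short script. This is an added example, not part of the original bulletin or of any Armis or vendor tooling. The inventory field names and hosts are hypothetical, and the two cut-off dates (Android security patch level 2017-09-01, Windows updates dated 2017-09-12 or later) are assumptions derived from the September patch statements above.

```python
from datetime import date

# Thresholds taken from the bulletin; the dates are assumptions (see lead-in).
MAX_AFFECTED = {"ios": (9, 3, 5), "appletv": (7, 2, 2)}
FIX_DATE = {"android": date(2017, 9, 1), "windows": date(2017, 9, 12)}


def parse_version(text):
    """'9.3.5' -> (9, 3, 5); short versions are zero-padded: '10' -> (10, 0, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(device):
    """Return 'patched', 'mitigated', 'affected' or 'review' for one record."""
    platform = device["platform"].lower()
    if platform in MAX_AFFECTED:
        in_range = parse_version(device["version"]) <= MAX_AFFECTED[platform]
    elif platform in FIX_DATE:
        in_range = date.fromisoformat(device["patched"]) < FIX_DATE[platform]
    else:
        # Linux and anything else: the bulletin gives no simple cut-off,
        # so leave the decision to a person checking the vendor advisory.
        return "review"
    if not in_range:
        return "patched"
    # Disabling Bluetooth is the bulletin's interim measure, not a fix.
    return "affected" if device["bluetooth_on"] else "mitigated"


# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"host": "ipad-lobby", "platform": "iOS", "version": "9.3.5", "bluetooth_on": True},
    {"host": "iphone-ceo", "platform": "iOS", "version": "10.0", "bluetooth_on": True},
    {"host": "atv-room2", "platform": "AppleTV", "version": "7.2", "bluetooth_on": False},
    {"host": "pixel-07", "platform": "Android", "patched": "2017-08-05", "bluetooth_on": True},
    {"host": "win-hr-3", "platform": "Windows", "patched": "2017-09-12", "bluetooth_on": True},
    {"host": "tv-kiosk", "platform": "Linux", "version": "4.4", "bluetooth_on": True},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(f"{dev['host']:<12} {triage(dev)}")
```

Devices reported as "mitigated" are still inside the affected range and need the patch before Bluetooth is turned back on.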
