BlueBorne Vuln: Turn off bluetooth in Android/Linux/IoT, NOW

[Granger]

We're fucked, deep and good: https://www.armis.com/blueborne/

TD;DR: wireless, interaction-free, man-in-the-middle and remote code execution zero-day exploits - in the bluetooth stack, no pairing needed.

Affected devices, as long as you have Bluetooth active:
Android: basically all in existance = remote code execution as root
Windows: everything since vista = MitM - patch available for windows 7+ (vista users can bin the OS) through windows update
Linux: everything since October 2011 (kernel >= 3.3-rc1) = remote code execution as root
iOS: iOS<9.3.5 AppleTV<7.2.2 = remote code execution as root (newer versions possibly affected through memory corruption in low energy audio protocol)

Better turn OFF bluetooth in all your affected devices, NOW, until it becomes clear how to mitigate this.

[jordancoles]

Better turn OFF bluetooth in all your affected devices, NOW, until it becomes clear how to mitigate this.

Done!

[stya]

Sorry but... BroadPwn, ShellShock, WannaCry, SS7? To name just a few, BlueBorne is nothing exceptional.

People who don't know anything about security are always fucked anyway... And even those who do actually.

[Granger]

Sorry but... BroadPwn, ShellShock, WannaCry, SS7? To name just a few,

Let's see: remote crash, code injection in some million affected systems, windows only (the usual), DoS or free phoning.

BlueBorne is nothing exceptional.

I would classify unauthenticated, over-the-air, wormable, remote code execution (with kernel privileges), 5 billion affected devices... that is exceptional.
Especially as a good part of them will never get a patch (android throwaways and the piles of unsupported internet of shit devices).

[MagicManICT]

I'm with stya on this one. This isn't entirely new. I've been telling people to not use Bluetooth for years. Unless you have a reason to use bluetooth, just keep it off. It's not worth the security risk. If there were a way to physically break the hardware without damaging the rest of the device, I'd recommend that.

That someone has figured out a way to pull this now? Doesn't surprise me, and this is just a tip of the iceberg. Anything that allows a device to interconnect with other devices is vulnerable, no matter what.

[loftar]

BlueBorne is nothing exceptional.

I would classify unauthenticated, over-the-air, wormable, remote code execution (with kernel privileges), 5 billion affected devices... that is exceptional.

I agree. I find it particularly fascinating that both Linux, Windows and iOS are affected. I can only assume they've found independent bugs in each, which is quite something. It would be fun getting a non-vulnerable Bluetooth scanner running, take it a spin around a shopping mall and see how common infections will be in a few weeks.

Especially as a good part of them will never get a patch (android throwaways and the pleory of unsupported internet of shit devices).

And that truly is such shit. I really should be checking out LineageOS. I'm just too worried about not having a backup phone in case I mess it up.

[newaccountlol]

Thanks for the heads up OP

Sorry but... BroadPwn, ShellShock, WannaCry, SS7? To name just a few, BlueBorne is nothing exceptional.

People who don't know anything about security are always fucked anyway... And even those who do actually.

I agree with Granger it is exceptional compared to any consumer-effecting vulnerabilities discovered so far. The ease of targeting somebody, the amount of people who are vulnerable, the ability to spread like a virus, effect any operating system, root access, and remote code execution without any real difficulty makes this a huge deal and possibly the biggest vulnerability ever discovered.

[MagicManICT]

BlueBorne is nothing exceptional.

I would classify unauthenticated, over-the-air, wormable, remote code execution (with kernel privileges), 5 billion affected devices... that is exceptional.

I agree. I find it particularly fascinating that both Linux, Windows and iOS are affected. I can only assume they've found independent bugs in each, which is quite something.

Pretty sure issues like this have come up in the past when there was an flaw in the hardware design. I wish I could recall which network technology it was, but as it was a wired technology, you had to physically tap into the wire, which usually meant breaking and entering a business. The operating system didn't matter and you could then continue a hack based on the OS found

It would be fun getting a non-vulnerable Bluetooth scanner running, take it a spin around a shopping mall and see how common infections will be in a few weeks.

Yeah, but how would you do this without creating a whole lot of scares and problems? Look at the US-Israeli developed virus (Stuxnet) released to hack the Iranian nuclear facilities several years back. It was meant to be contained to such facilities, but ended up showing up all over the world and causing enough problems that the major AV developers cracked the virus and the story.

[loftar]

It would be fun getting a non-vulnerable Bluetooth scanner running, take it a spin around a shopping mall and see how common infections will be in a few weeks.

Yeah, but how would you do this without creating a whole lot of scares and problems? Look at the US-Israeli developed virus (Stuxnet) released to hack the Iranian nuclear facilities several years back. It was meant to be contained to such facilities, but ended up showing up all over the world and causing enough problems that the major AV developers cracked the virus and the story.

My idea was just to walk around with a Bluetooth device and see how many incoming connections arrive to try and crack it. :)

[shubla]

If somebody uses bluetooth he clearly does not care about security.