BlueBorne: Wormable Bluetooth Attack

Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spreads through the air (airborne) and attacks devices via Bluetooth. Armis has also disclosed eight related zero-day vulnerabilities, four of which are classified as critical. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices. Armis reported these vulnerabilities to the responsible actors, and is working with them as patches are being identified and released.

What Is BlueBorne?
BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.

Additional Information: Download our Technical White Paper on BlueBorne

These vulnerabilities include:

  • Information Leak Vulnerability in Android (CVE-2017-0785)
  • Remote Code Execution Vulnerability (CVE-2017-0781) in Android’s Bluetooth Network Encapsulation Protocol (BNEP) service
  • Remote Code Execution Vulnerability (CVE-2017-0782) in Android BNEP’s Personal Area Networking (PAN) profile
  • The Bluetooth Pineapple in Android—Logical flaw (CVE-2017-0783)
  • Linux kernel Remote Code Execution vulnerability (CVE-2017-1000251)
  • Linux Bluetooth stack (BlueZ) information leak vulnerability (CVE-2017-1000250)
  • The Bluetooth Pineapple in Windows—Logical flaw (CVE-2017-8628)
  • Apple Low Energy Audio Protocol Remote Code Execution vulnerability (CVE Pending)

Blueborne – Android Take Over Demo

 

Install the BlueBorne Vulnerability Scanner app by Armis (created by the Armis team) from the Google Play Store to check whether your device is vulnerable to the BlueBorne attack. If it is found vulnerable, you are advised to turn off Bluetooth on your device when not in use.

Jio Customer Database of over 120 million users leaked

On Sunday evening, a website called “magicapk.com” surfaced that contained the personal data of millions of Reliance Jio users.


At roughly 6 pm on Sunday, a website called “magicapk.com” started making its way through various Indian social media channels, including Twitter, WhatsApp and Reddit India. The website, which has a simple user interface, asks visitors to enter a Reliance Jio mobile number to get access to “Jio sim details”.

It could be the biggest data breach in India, as the leak in question pertains to a database of over 120 million Reliance Jio users. The website already seems a little sluggish and is expected to go down soon as more users rush to find out whether their personal data has been leaked. It took two or three tries for the number to show up on the website. It is not clear at this moment why this data has been leaked or how someone outside Jio got access to sensitive customer data.

Zomato hacked – User Data Available for Sale $1,001

According to HackRead.com, a user by the name of “nclay” claimed to have hacked Zomato and was willing to sell data pertaining to 17 million registered users on a popular Dark Web marketplace.

This included emails and password hashes of registered Zomato users, with the price for the whole package set at $1,001.43 (BTC 0.5587); BTC here stands for Bitcoins. HackRead adds that the vendor also published data and evidence to prove it was genuine.

Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked.

Zomato, in a blog post
