BlueBorne: Wormable Bluetooth Attack

Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spreads through the air (airborne) and attacks devices via Bluetooth. Armis has also disclosed eight related zero-day vulnerabilities, four of which are classified as critical. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices. Armis reported these vulnerabilities to the responsible actors, and is working with them as patches are being identified and released.

What Is BlueBorne?
BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.

Additional Information: Download our Technical White Paper on BlueBorne

These vulnerabilities include:

  • Information Leak Vulnerability in Android (CVE-2017-0785)
  • Remote Code Execution Vulnerability (CVE-2017-0781) in Android’s Bluetooth Network Encapsulation Protocol (BNEP) service
  • Remote Code Execution Vulnerability (CVE-2017-0782) in Android BNEP’s Personal Area Networking (PAN) profile
  • The Bluetooth Pineapple in Android—Logical flaw (CVE-2017-0783)
  • Linux kernel Remote Code Execution vulnerability (CVE-2017-1000251)
  • Linux Bluetooth stack (BlueZ) information leak vulnerability (CVE-2017-1000250)
  • The Bluetooth Pineapple in Windows—Logical flaw (CVE-2017-8628)
  • Apple Low Energy Audio Protocol Remote Code Execution vulnerability (CVE Pending)

Blueborne – Android Take Over Demo

 

Install the BlueBorne Vulnerability Scanner app by Armis (created by the Armis team) from the Google Play Store to check whether your device is vulnerable to the BlueBorne attack. If it is found vulnerable, you are advised to turn off Bluetooth on your device when not in use.

CYBER MONDAY 2016: THE BEST ONLINE SHOPPING DEALS

Cyber Monday

New WhatsApp Hoax message – Reliance Jio bill for Rs 27,000

A new hoax is doing the rounds of India’s favourite messaging app, WhatsApp, claiming that a user was billed for Rs 27,718 by Reliance Jio while she was on the Jio Welcome offer. According to the image of the fake bill, Ayunuddin Mondal from Kolkata is required to pay this ridiculously large amount on account of using 554.38 GB of data and 44 minutes of voice calling. Considering that Reliance Jio is offering charge-free service for the duration of the Jio Welcome Offer (valid up to December 31), it is not possible for a user to receive a bill.

 

Stream Shared Videos While Downloading | WhatsApp

 

WhatsApp beta for Android will allow its users to watch shared videos while they’re being downloaded in the background. The feature is being tested on the WhatsApp for Android beta app, and can soon be expected to release to the stable channel of the app.

The new video streaming feature on WhatsApp for Android beta will use your Wi-Fi or cellular data to buffer a shared video while it is still downloading in the background. Earlier, WhatsApp users had to wait until a video was completely downloaded before watching it, depending on the WhatsApp auto-download setting. We tested the feature on WhatsApp for Android beta v2.16.354.