BlueBorne: Wormable Bluetooth Attack

Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spreads through the air (airborne) and attacks devices via Bluetooth. Armis has also disclosed eight related zero-day vulnerabilities, four of which are classified as critical. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices. Armis reported these vulnerabilities to the responsible actors, and is working with them as patches are being identified and released.

What Is BlueBorne?
BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.

Additional Information: Download our Technical White Paper on BlueBorne

These vulnerabilities include:

  • Information Leak Vulnerability in Android (CVE-2017-0785)
  • Remote Code Execution Vulnerability (CVE-2017-0781) in Android’s Bluetooth Network Encapsulation Protocol (BNEP) service
  • Remote Code Execution Vulnerability (CVE-2017-0782) in Android BNEP’s Personal Area Networking (PAN) profile
  • The Bluetooth Pineapple in Android—Logical flaw (CVE-2017-0783)
  • Linux kernel Remote Code Execution vulnerability (CVE-2017-1000251)
  • Linux Bluetooth stack (BlueZ) information leak vulnerability (CVE-2017-1000250)
  • The Bluetooth Pineapple in Windows—Logical flaw (CVE-2017-8628)
  • Apple Low Energy Audio Protocol Remote Code Execution vulnerability (CVE Pending)

Blueborne – Android Take Over Demo

 

Install the BlueBorne Vulnerability Scanner by Armis app (created by the Armis team) from the Google Play Store to check whether your device is vulnerable to the BlueBorne attack. If it is found vulnerable, you are advised to turn off Bluetooth on your device when not in use.


Jio Customer Database of over 120 million users leaked

On Sunday evening, a website called “magicapk.com” surfaced that contained the personal data of millions of Reliance Jio users.


At roughly 6 pm on Sunday, a website called “magicapk.com” started making its way through various Indian social media channels including Twitter, WhatsApp and Reddit India. The website, which came with a simple user interface as shown above, simply asks visitors to enter a Reliance Jio mobile number to get access to “Jio sim details”.

It could be the biggest data breach in India, as the leak in question pertains to a database of over 120 million users of Reliance Jio. The website already seems a little sluggish and is expected to go down soon as more users rush to find out if their personal data has been leaked. It took two or three tries for the number to show up on the website. It is not clear at this moment why this data has been leaked or how someone outside Jio got access to sensitive customer data.

Zomato hacked – User Data Available for Sale $1,001

According to HackRead.com, a user by the name of “nclay” claimed to have hacked Zomato and was willing to sell data pertaining to 17 million registered users on a popular Dark Web marketplace.

This included emails and password hashes of registered Zomato users, with the price for the whole package set at $1,001.43 (BTC 0.5587); BTC here stands for Bitcoins. HackRead adds that the vendor also published data and evidence to prove it was genuine.

Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked.

Zomato, in a blog post

Best WordPress Coupon Theme You Always Wanted To Earn More

Coupon WordPress Theme is a beautiful and professional theme built from the ground up for the coupon business. Impress your visitors and convert more sales with this highly professional and fully customizable theme. The best theme for selling coupons, full stop!

Features

  • Responsive
  • Speed Optimized
  • SEO Ready
  • Use On Unlimited Sites

What You Get with this theme

  1. Unlimited Domain Usage
  2. One Click Installation
  3. Support & Updates for One Year
  4. 24×7 Premium Technical Support
  5. Narrated Video Tutorials
  6. Options Panel
  7. Secured & Optimized Code
  8. 30 Day Money Back Policy

Coupon Code MCHNY16


 

Nokia D1C Price leaked. Price in India & for other markets

Nokia D1C is going to be one of the first Nokia Android Phones to be launched as per this tip. It will be revealed to the world at MWC 2017. Again as claimed in another interview, Nokia Android Phones should be available very soon post their launch.

Nokia D1C leaked specs:

  • 1.4 GHz Snapdragon 430 Processor
  • Adreno 505 GPU
  • 2 / 3 GB RAM
  • Android Nougat 7.0
  • 5 / 5.5-inch, 1080p display
  • 16 GB internal storage
  • 13 / 16 MP Rear camera
  • 8 MP FFC

Source: Nokia D1C Price leaked. Price in India & for other markets