• Source: BlueBorne (security vulnerability)

BlueBorne is a type of security vulnerability with Bluetooth implementations in Android, iOS, Linux and Windows. It affects many electronic devices such as laptops, smart cars, smartphones and wearable gadgets. One example is CVE-2017-14315. The vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017. According to Armis, "The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today [2017]."




History


The BlueBorne security vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017.




Technical Information


The BlueBorne vulnerabilities are a set of 8 separate vulnerabilities. They can be broken down into groups based upon platform and type. There were vulnerabilities found in the Bluetooth code of the Android, iOS, Linux and Windows platforms:

Linux kernel RCE vulnerability - CVE-2017-1000251
Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-1000250
Android information Leak vulnerability - CVE-2017-0785
Android RCE vulnerability #1 - CVE-2017-0781
Android RCE vulnerability #2 - CVE-2017-0782
The Bluetooth Pineapple in Android - Logical Flaw CVE-2017-0783
The Bluetooth Pineapple in Windows - Logical Flaw CVE-2017-8628
Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315
The vulnerabilities are a mixture of information leak vulnerabilities, remote code execution vulnerability or logical flaw vulnerabilities. The Apple iOS vulnerability was a remote code execution vulnerability due to the implementation of LEAP (Low Energy Audio Protocol). This vulnerability was only present in older versions of the Apple iOS.




Impact


In 2017, BlueBorne was estimated to potentially affect all the 8.2 billion Bluetooth devices worldwide, although they clarify that 5.3 billion Bluetooth devices are at risk. Many devices are affected, including laptops, smart cars, smartphones and wearable gadgets.
In 2018, after one year after the original disclosure, Armis estimated that over 2 billion devices were still vulnerable.




Mitigation


Google provides a BlueBorne vulnerability scanner from Armis for Android.
Procedures to help protect devices from the BlueBorne security vulnerabilities were reported by September 2017.




References






External links


Official website

Kata Kunci Pencarian:

• BlueBorne (security vulnerability)
• Bluetooth
• Device driver
• Emotet