Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




60 posts

Master Geek
+1 received by user: 20


Topic # 223116 13-Sep-2017 14:51
One person supports this post
Send private message quote this post

Looks like a major vulnerability has been revealed in Bluetooth

 

https://www.armis.com/blueborne/

 

Synopsis:

 

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector.

 

 

 

It appears only our iFriends are safe(ish).


Create new topic
2250 posts

Uber Geek
+1 received by user: 639

Trusted
Subscriber

  Reply # 1864601 13-Sep-2017 16:19
Send private message quote this post

Wow.  This is potentially quite serious.  If someone turns this exploit into a viable worm that self-replicates from device to device, a visit to a public place with your smartphone or tablet becomes hazardous.

 

Windows 7 and above will automatically be patched in the coming weeks.

 

iOS 10 devices are not vulnerable assuming the users have OK'd iOS updates...  but I think anyone with an iPhone 4s and below is vulnerable.

 

I assume most IoT devices don't have an easy semi-automated patching system, but it may not be worth trying to exploit these unless there is a common code base.

 

Are Android users still at the mercy of manufacturers and Telcos to roll out updates or does Android now have a centralised patching system?

 

 





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

2222 posts

Uber Geek
+1 received by user: 628

Trusted

  Reply # 1864603 13-Sep-2017 16:20
Send private message quote this post

Just read this ARS article on it: https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

 

One word is "ouch" followed by "switch off all your bluetooth"






 
 
 
 


2222 posts

Uber Geek
+1 received by user: 628

Trusted

  Reply # 1864604 13-Sep-2017 16:22
Send private message quote this post

And if you just feel like watching the YouTube videos:

 

Android:

 

Linux:

 

Windows:






238 posts

Master Geek
+1 received by user: 6


  Reply # 1864948 14-Sep-2017 09:04
Send private message quote this post

Given that this is a newly discovered exploit how likely would there really be something out in the wild? I'm sure given enough time something would appear but in terms of now and the next couple of weeks or so?


1833 posts

Uber Geek
+1 received by user: 585

Trusted

  Reply # 1864956 14-Sep-2017 09:06
Send private message quote this post

My Pixel is just installing the patch for this now.

 

My old Nexus 6 might not be as lucky.


1833 posts

Uber Geek
+1 received by user: 585

Trusted

  Reply # 1864978 14-Sep-2017 09:13
Send private message quote this post

Sorry to reply to myself, but Android users there's a vulnerability scanner app here.


1135 posts

Uber Geek
+1 received by user: 230


  Reply # 1865039 14-Sep-2017 10:24
Send private message quote this post

So, because so many Android phone & tablet Manufacturers abandon mid price devices after release, and NEVER release updates.....(cough cough Samsung)
..Millions of Android users will never see a patch to fix this ?


1833 posts

Uber Geek
+1 received by user: 585

Trusted

  Reply # 1865067 14-Sep-2017 10:28
One person supports this post
Send private message quote this post

1101:

 

So, because so many Android phone & tablet Manufacturers abandon mid price devices after release, and NEVER release updates.....(cough cough Samsung)
..Millions of Android users will never see a patch to fix this ?

 

 

That's right.  Think about all those car head units out there.

 

I wonder how many Samsung TVs etc are vulnerable to this too.  It's a pretty major issue.

 

As much as I hate Samsung and will never, ever buy another one of their terrible phones, they ARE getting better with security updates.  I see that the Galaxy S5, quite an old phone now, got the September patch today.


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Symantec protects data everywhere with Information Centric Security
Posted 21-Sep-2017 15:33


FUJIFILM introduces X-E3 mirrorless camera with wireless connectivity
Posted 18-Sep-2017 13:53


Vodafone announces new plans with bigger data bundles
Posted 15-Sep-2017 10:51


Skinny launches phone with support for te reo Maori
Posted 14-Sep-2017 08:39


If Vodafone dropping mail worries you, you’re doing online wrong
Posted 11-Sep-2017 13:54


Vodafone New Zealand deploy live 400 gigabit system
Posted 11-Sep-2017 11:07


OPPO camera phones now available at PB Tech
Posted 11-Sep-2017 09:56


Norton Wi-Fi Privacy — Easy, flawed VPN
Posted 11-Sep-2017 09:48


Lenovo reveals new ThinkPad A Series
Posted 8-Sep-2017 14:37


Huawei passes Apple for the first time to capture the second spot globally
Posted 8-Sep-2017 10:45


Vodafone initiative enhances te reo Maori pronunciation on Google Maps
Posted 8-Sep-2017 10:40


Voyager Internet expand local internet phone services company with Conversant acquisition
Posted 6-Sep-2017 18:27


NOW Expands in to Tauranga
Posted 5-Sep-2017 18:16


Windows 10 Fall Creators Update coming Oct. 17
Posted 4-Sep-2017 14:10


Garmin introduce Garmin vivoactive 3
Posted 1-Sep-2017 18:38



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.