Geekzone: technology news, blogs, forums
82 posts

Master Geek


# 223116 13-Sep-2017 14:51
One person supports this post

Looks like a major vulnerability has been revealed in Bluetooth

 

https://www.armis.com/blueborne/

 

Synopsis:

 

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector.

 

 

 

It appears only our iFriends are safe(ish).


2691 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1864601 13-Sep-2017 16:19

Wow.  This is potentially quite serious.  If someone turns this exploit into a viable worm that self-replicates from device to device, a visit to a public place with your smartphone or tablet becomes hazardous.

 

Windows 7 and above will automatically be patched in the coming weeks.

 

iOS 10 devices are not vulnerable assuming the users have OK'd iOS updates...  but I think anyone with an iPhone 4s and below is vulnerable.

 

I assume most IoT devices don't have an easy semi-automated patching system, but it may not be worth trying to exploit these unless there is a common code base.

 

Are Android users still at the mercy of manufacturers and Telcos to roll out updates or does Android now have a centralised patching system?

 

 





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

2948 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1864603 13-Sep-2017 16:20

Just read this ARS article on it: https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

 

One word is "ouch" followed by "switch off all your bluetooth"







2948 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1864604 13-Sep-2017 16:22

And if you just feel like watching the YouTube videos:

 

Android:

 

Linux:

 

Windows:







258 posts

Ultimate Geek


  # 1864948 14-Sep-2017 09:04

Given that this is a newly discovered exploit how likely would there really be something out in the wild? I'm sure given enough time something would appear but in terms of now and the next couple of weeks or so?


2181 posts

Uber Geek

Trusted

  # 1864956 14-Sep-2017 09:06

My Pixel is just installing the patch for this now.

 

My old Nexus 6 might not be as lucky.


2181 posts

Uber Geek

Trusted

  # 1864978 14-Sep-2017 09:13

Sorry to reply to myself, but Android users, there's a vulnerability scanner app here.


1967 posts

Uber Geek


  # 1865039 14-Sep-2017 10:24

So, because so many Android phone & tablet Manufacturers abandon mid price devices after release, and NEVER release updates.....(cough cough Samsung)
..Millions of Android users will never see a patch to fix this ?


 
 
 
 


2181 posts

Uber Geek

Trusted

  # 1865067 14-Sep-2017 10:28
2 people support this post

1101:

 

So, because so many Android phone & tablet Manufacturers abandon mid price devices after release, and NEVER release updates.....(cough cough Samsung)
..Millions of Android users will never see a patch to fix this ?

 

 

That's right.  Think about all those car head units out there.

 

I wonder how many Samsung TVs etc are vulnerable to this too.  It's a pretty major issue.

 

As much as I hate Samsung and will never, ever buy another one of their terrible phones, they ARE getting better with security updates.  I see that the Galaxy S5, quite an old phone now, got the September patch today.


543 posts

Ultimate Geek

Subscriber

  # 1877371 4-Oct-2017 16:30
2 people support this post

Almost a month on now, my 1plus5 has finally been patched with the September update.

My Android Wear watch is still vulnerable, and given how long it took for them to get the Android Wear 2.0 patch out, I could be waiting a while.

This is definitely the one area Android needs to get much better at, and fast. Google making the security patches separate was good, but they should have gone much further in forcing manufacturers to update quickly.





Geoff E

67 posts

Master Geek


  # 1877381 4-Oct-2017 17:12

My Android phone (Sony Xperia) is just less than 3 years old.  I have to turn off bluetooth now because it no longer gets updates and hasn't for some time, otherwise I am left wide open to who knows what kind of attacks.  It wasn't a cheap phone at the time ($1k) and there is nothing wrong with it, except that I can no longer use bluetooth if I want to make sure I am not vulnerable to this attack.

 

Surely I am not being unreasonable to expect a fix for something that, if not patched, will result in me losing functionality that I paid dearly for?  Or am I wrong? 


2691 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1877401 4-Oct-2017 18:15

vyfster: My Android phone (Sony Xperia) is just less than 3 years old.  I have to turn off bluetooth now because it no longer gets updates and hasn't for some time, otherwise I am left wide open to who knows what kind of attacks.  It wasn't a cheap phone at the time ($1k) and there is nothing wrong with it, except that I can no longer use bluetooth if I want to make sure I am not vulnerable to this attack.

 

Surely I am not being unreasonable to expect a fix for something that, if not patched, will result in me losing functionality that I paid dearly for?  Or am I wrong?

 

I'm wondering whether this is a suitable candidate for a CGA claim...?





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams
