IoT attack vector 'BlueBorne' to exploit Bluetooth in hacking devices and OS

IoT attack vector 'BlueBorne' to exploit Bluetooth in hacking devices and OS

Once a device is infected with malware, it can then easily broadcast the malware to other Bluetooth-enabled devices in its vicinity, either inside an office or in more public locations.

It's thought to be the most widescale set of vulnerabilities based on the number of devices affected.

Armis says it affects computers running Windows and Linux as well as IoT gadgets and mobile devices powered by Android and iOS.

There is no need for a target device to be paired, Armis said.

As concerning as such an exploit is, consumers should take comfort in the fact that not only are the flaws fixable but some manufacturers have already taken steps to patch the vulnerabilities and keep users safe.

The popular personal area network Bluetooth protocol used by nearly every modern mobile device is full of security holes that can be exploited by attackers, researchers have found. Microsoft issued a patch for the vulnerabilities in July as part of its monthly security updates but did not specify that it had done so, instead specifying this only in its September security updates on Tuesday.

FCA issues total loss warning on Bitcoin boom
As a result, investors are "extremely unlikely" to have the safety net of United Kingdom regulatory protections. Each promoter needs to consider whether their activities amount to regulated activities under the relevant law.

Bluetooth is widely implemented in billions of devices, and almost all of those devices need to be patched for a new set of Bluetooth vulnerabilities dubbed BlueBorne.

The vulnerabilities were found in the Bluetooth implementations in Android, Microsoft, Linux and iOS versions pre-iOS 10.

"BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices". There is no indication to date that the BlueBorne vulnerabilities have been exploited in the wild by attackers.

Unlike traditional cyberattacks, the Bluetooth method doesn't need a victim to fall for a malware-ridden link or download a booby-trapped document.

The vulnerability uncovered by Armis in older versions of iOS had been fixed by Apple in iOS 10 and Apple TV 7.2.2.

Linux kernels since 3.3-rc1 are affected and so are all Linux devices running the BlueZ stack.

Barzani vows to press on with Kurdish referendum, defying Iraq parliament
The Iraqi Kurdish parliament is expected to meet on Thursday for the first time since October 2015 in response to the decision, according to officials.

A technical report on the BlueBorne flaws is available here.

As for Google, the company said that its Android partners received the patch in early August. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here.

Google is patching Android 4.4.4 KitKat and later, leaving fewer than one-in-ten older Android devices without the patches.

Armis has released a white paper that describes the how the vulnerability works and how it can be exploited.

"Imagine there's a WannaCry on Bluetooth, where attackers can deposit ransomware on the device, and tell it to find other devices on Bluetooth and spread it automatically".

Armis said that it's seen two main issues with how platform vendors have implemented the Bluetooth protocol: Either the platform vendors followed the implementation guidelines word for word, which has led to the same Bluetooth bug to exist on both Android and Windows, or in some areas, the Bluetooth specifications have left too much room for interpretation, which opened the possibility for multiple bugs to exist in various implementations. "The research illustrates the types of threats facing us in this new connected age". "Because you can use Bluetooth to connect a mouse or keyboard to an Android device, now I can run it", Seri explained.

Seattle Mayor Resigns Amid Sexual Abuse Allegations
The declaration states that Murray molested Dyer over the course of a year. As mayor he pushed to raise the city's minimum hourly wage to $15.

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

  • United Nations unanimously backs new sanctions on North Korea

    The initial text included a total ban on oil imports, a measure seen by some analysts as potentially destabilising for the regime. Moreover, the Chinese have important reasons for not wanting to make the North Koreans eat grass.
    Pep: Why Man City Failed To Sign Sanchez

    Pep: Why Man City Failed To Sign Sanchez

    Bravo played his first minutes of the season on Saturday after coming on as a 46th minute substitute for Ederson Moraes. "This time it was not possible, but hopefully we have him here in the future".

    Sirius XM Holdings Inc. (SIRI) Stock in the Investor Spotlight

    Note, this compares with a consensus analyst forecast of 0.04 in earnings per share for its next fiscal quarterly report. Traders are a little more bullish on Sirius XM Holdings Inc. if you pay attention to the downtick in short interest.
  • Jamie Dimon Slams Bitcoin as a 'Fraud'

    Jamie Dimon Slams Bitcoin as a 'Fraud'

    CBOE has applied with US regulators to launch a bitcoin futures contract and a bitcoin exchange traded fund on its venues. Chief Executive Officer Jamie Dimon came out with guns blazing Tuesday at the Delivering Alpha conference.
    U.S.  stops short of admonishing Myanmar for attacks on Rohingya

    U.S. stops short of admonishing Myanmar for attacks on Rohingya

    Bangladesh officials said they had proposed joint patrolling along the border but did not receive a response from Myanmar. Suu Kyi should follow the democratic principles of her father to accommodate them in Rakhine State itself".
    Analyzing Analyst Recommendations: Acorda Therapeutics, Inc. (ACOR), Hewlett Packard Enterprise Company (HPE)

    Analyzing Analyst Recommendations: Acorda Therapeutics, Inc. (ACOR), Hewlett Packard Enterprise Company (HPE)

    Over the last five days, shares have faced -6.71% losses and now is down -2.3% since hitting its 200-day moving average of $13.67. JPMorgan Chase & Co. owned 0.92% of Hewlett Packard Enterprise worth $250,075,000 at the end of the most recent reporting period.
  • Paul Pogba Exits United's Champions League Win on Crutches

    There was a collective intake of breath from the home crowd as Pogba hobbled down the touchline. I just know from experience it's a muscular injury.

    Breaking Down the Chart for The Cheesecake Factory Incorporated (CAKE)

    These funds have shifted positions in ( CAKE ). 23,838 were reported by Cubist Systematic Strategies Ltd Liability Company. Lpl Finance reported 3,645 shares. 282,937 were accumulated by Blackrock Investment Management Ltd Liability Corporation.
    'Monster' fatberg found blocking sewer

    'Monster' fatberg found blocking sewer

    The Thames statement said an eight-person crew is working seven-days a week to clear the blockage, greasy chunk by chunk. Sewer workers investigating the 'berg say that over time it has solidified, and is now as hard to remove as concrete.
  • AWOL Costa To End Chelsea Nightmare In R930m Transfer

    AWOL Costa To End Chelsea Nightmare In R930m Transfer

    Costa has been included in Antonio Conte's Premier League squad but it is not expected to play a single game. The Spain global has hit the ground running at Chelsea following his £70m move from Real Madrid this summer.
    9 now dead after shooting in Texas

    9 now dead after shooting in Texas

    A lot of prayers have been said at the corner of Blue Ridge Trail and Spring Creek Parkway in Plano over the past day and a half. Authorities in North Texas say several people are dead, including the suspect, after a shooting at the Plano home.

    Trading Monitor: Delta Air Lines Inc (DAL) Stock Topping Chikou Line

    Following the transaction, the chief executive officer now owns 232,302 shares of the company's stock, valued at $9,582,457.50. The highest price DAL stock touched in the last 12 month was $55.75 and the lowest price it hit in the same period was $36.59.