fbpx
Wikipedia

BlueBorne (security vulnerability)

November 01, 2023

BlueBorne is a type of security vulnerability with Bluetooth implementations in Android, iOS, Linux and Windows.[1][2][3] It affects many electronic devices such as laptops, smart cars, smartphones and wearable gadgets. One example is CVE-2017-14315. The vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017.[1][2][4][5][6] According to Armis, "The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today [2017]."[1]

History edit

The BlueBorne security vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017.[1]

Technical Information edit

The BlueBorne vulnerabilities are a set of 8 separate vulnerabilities.[7] They can be broken down into groups based upon platform and type. There were vulnerabilities found in the Bluetooth code of the Android, iOS, Linux and Windows platforms:[8]

  • Linux kernel RCE vulnerability - CVE-2017-1000251[9]
  • Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-1000250[10]
  • Android information Leak vulnerability - CVE-2017-0785[11]
  • Android RCE vulnerability #1 - CVE-2017-0781[12]
  • Android RCE vulnerability #2 - CVE-2017-0782[13]
  • The Bluetooth Pineapple in Android - Logical Flaw CVE-2017-0783[14]
  • The Bluetooth Pineapple in Windows - Logical Flaw CVE-2017-8628[15]
  • Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315[16]

The vulnerabilities are a mixture of information leak vulnerabilities, remote code execution vulnerability or logical flaw vulnerabilities. The Apple iOS vulnerability was a remote code execution vulnerability due to the implementation of LEAP (Low Energy Audio Protocol). This vulnerability was only present in older versions of the Apple iOS.[17]

Impact edit

In 2017, BlueBorne was estimated to potentially affect all of the 8.2 billion Bluetooth devices worldwide,[1] although they clarify that 5.3 billion Bluetooth devices are at risk.[18] Many devices are affected, including laptops, smart cars, smartphones and wearable gadgets.[1][2][4][5][6]

In 2018, after one year after the original disclosure, Armis estimated that over 2 billion devices were still vulnerable.[19][20]

Mitigation edit

Google provides a BlueBorne vulnerability scanner from Armis for Android.[21] Procedures[clarification needed] to help protect devices from the BlueBorne security vulnerabilities were reported by September 2017.[22][23][24][needs update]

References edit

  1. ^ a b c d e f Staff (12 September 2017). "The Attack Vector "BlueBorne" Exposes Almost Every Connected Device". Armis.com. Retrieved 5 January 2018.
  2. ^ a b c Staff (12 September 2017). (PDF). Armis.com. Archived from the original (PDF) on 20 December 2017. Retrieved 5 January 2018.
  3. ^ Biggs, Jpohn (12 September 2017). "New Bluetooth vulnerability can hack a phone in 10 seconds". TechCrunch. Retrieved 5 January 2018.
  4. ^ a b Newman, Lily Hay (13 September 2017). "Hey, Turn Bluetooth Off When You're Not Using It". Wired. Retrieved 5 January 2018.
  5. ^ a b Hildenbrand, Jerry (16 September 2017). "Let's talk about Blueborne, the latest Bluetooth vulnerability". AndroidCentral.com. Retrieved 5 January 2018.
  6. ^ a b Kerner, Sean Michael (12 September 2017). "BlueBorne Bluetooth Flaws Put Billions of Devices at Risk". eWeek. Retrieved 5 January 2018.
  7. ^ "BlueBorne Whitepaper" (PDF). (PDF) from the original on 5 May 2020.
  8. ^ "An Analysis of BlueBorne: Bluetooth Security Risks". Decipher. Retrieved 28 July 2021.
  9. ^ "NVD - CVE-2017-1000251". nvd.nist.gov. Retrieved 28 July 2021.
  10. ^ "NVD - CVE-2017-1000250". nvd.nist.gov. Retrieved 28 July 2021.
  11. ^ "NVD - CVE-2017-0785". nvd.nist.gov. Retrieved 28 July 2021.
  12. ^ "NVD - CVE-2017-0781". nvd.nist.gov. Retrieved 28 July 2021.
  13. ^ "NVD - CVE-2017-0782". nvd.nist.gov. Retrieved 28 July 2021.
  14. ^ "NVD - CVE-2017-0783". nvd.nist.gov. Retrieved 28 July 2021.
  15. ^ "NVD - CVE-2017-8628". nvd.nist.gov. Retrieved 28 July 2021.
  16. ^ "NVD - CVE-2017-14315". nvd.nist.gov. Retrieved 28 July 2021.
  17. ^ "What is BlueBorne? An Apple Device FAQ". The Mac Security Blog. 22 September 2017. Retrieved 28 July 2021.
  18. ^ Smith, Ms (12 September 2017). "5.3 billion devices at risk for invisible, infectious Bluetooth attack". CSO Online. Retrieved 28 July 2021.
  19. ^ Osborne, Charlie. "Two billion devices still vulnerable to Blueborne flaws a year after discovery". ZDNet. Retrieved 28 July 2021.
  20. ^ "BlueBorne: One Year Later". Armis. 13 September 2018. Retrieved 28 July 2021.
  21. ^ Staff (12 September 2017). "BlueBorne Vulnerability Scanner by Armis - 2017". Google. Retrieved 5 January 2018.
  22. ^ Staff (15 September 2017). "Information on new BlueBorne security vulnerability". Cornell University. Retrieved 5 January 2018.
  23. ^ Meyer, David (13 September 2017). "How to Check If You're Exposed to Those Scary BlueBorne Bluetooth Flaws". Fortune. Retrieved 5 January 2018.
  24. ^ Geiger, Erik (20 September 2017). . Wisconsin University. Archived from the original on 5 January 2018. Retrieved 5 January 2018.

External links edit

  • Official website

November 01, 2023
blueborne, security, vulnerability, blueborne, type, security, vulnerability, with, bluetooth, implementations, android, linux, windows, affects, many, electronic, devices, such, laptops, smart, cars, smartphones, wearable, gadgets, example, 2017, 14315, vulne. BlueBorne is a type of security vulnerability with Bluetooth implementations in Android iOS Linux and Windows 1 2 3 It affects many electronic devices such as laptops smart cars smartphones and wearable gadgets One example is CVE 2017 14315 The vulnerabilities were first reported by Armis the asset intelligence cybersecurity company on 12 September 2017 1 2 4 5 6 According to Armis The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities estimated at over 8 2 billion devices today 2017 1 Contents 1 History 2 Technical Information 3 Impact 4 Mitigation 5 References 6 External linksHistory editThe BlueBorne security vulnerabilities were first reported by Armis the asset intelligence cybersecurity company on 12 September 2017 1 Technical Information editThe BlueBorne vulnerabilities are a set of 8 separate vulnerabilities 7 They can be broken down into groups based upon platform and type There were vulnerabilities found in the Bluetooth code of the Android iOS Linux and Windows platforms 8 Linux kernel RCE vulnerability CVE 2017 1000251 9 Linux Bluetooth stack BlueZ information Leak vulnerability CVE 2017 1000250 10 Android information Leak vulnerability CVE 2017 0785 11 Android RCE vulnerability 1 CVE 2017 0781 12 Android RCE vulnerability 2 CVE 2017 0782 13 The Bluetooth Pineapple in Android Logical Flaw CVE 2017 0783 14 The Bluetooth Pineapple in Windows Logical Flaw CVE 2017 8628 15 Apple Low Energy Audio Protocol RCE vulnerability CVE 2017 14315 16 The vulnerabilities are a mixture of information leak vulnerabilities remote code execution vulnerability or logical flaw vulnerabilities The Apple iOS vulnerability was a remote code execution vulnerability due to the implementation of LEAP Low Energy Audio Protocol This vulnerability was only present in older versions of the Apple iOS 17 Impact editIn 2017 BlueBorne was estimated to potentially affect all of the 8 2 billion Bluetooth devices worldwide 1 although they clarify that 5 3 billion Bluetooth devices are at risk 18 Many devices are affected including laptops smart cars smartphones and wearable gadgets 1 2 4 5 6 In 2018 after one year after the original disclosure Armis estimated that over 2 billion devices were still vulnerable 19 20 Mitigation editGoogle provides a BlueBorne vulnerability scanner from Armis for Android 21 Procedures clarification needed to help protect devices from the BlueBorne security vulnerabilities were reported by September 2017 22 23 24 needs update References edit a b c d e f Staff 12 September 2017 The Attack Vector BlueBorne Exposes Almost Every Connected Device Armis com Retrieved 5 January 2018 a b c Staff 12 September 2017 BlueBorne Protecting the Enterprise from BlueBorne PDF Armis com Archived from the original PDF on 20 December 2017 Retrieved 5 January 2018 Biggs Jpohn 12 September 2017 New Bluetooth vulnerability can hack a phone in 10 seconds TechCrunch Retrieved 5 January 2018 a b Newman Lily Hay 13 September 2017 Hey Turn Bluetooth Off When You re Not Using It Wired Retrieved 5 January 2018 a b Hildenbrand Jerry 16 September 2017 Let s talk about Blueborne the latest Bluetooth vulnerability AndroidCentral com Retrieved 5 January 2018 a b Kerner Sean Michael 12 September 2017 BlueBorne Bluetooth Flaws Put Billions of Devices at Risk eWeek Retrieved 5 January 2018 BlueBorne Whitepaper PDF Archived PDF from the original on 5 May 2020 An Analysis of BlueBorne Bluetooth Security Risks Decipher Retrieved 28 July 2021 NVD CVE 2017 1000251 nvd nist gov Retrieved 28 July 2021 NVD CVE 2017 1000250 nvd nist gov Retrieved 28 July 2021 NVD CVE 2017 0785 nvd nist gov Retrieved 28 July 2021 NVD CVE 2017 0781 nvd nist gov Retrieved 28 July 2021 NVD CVE 2017 0782 nvd nist gov Retrieved 28 July 2021 NVD CVE 2017 0783 nvd nist gov Retrieved 28 July 2021 NVD CVE 2017 8628 nvd nist gov Retrieved 28 July 2021 NVD CVE 2017 14315 nvd nist gov Retrieved 28 July 2021 What is BlueBorne An Apple Device FAQ The Mac Security Blog 22 September 2017 Retrieved 28 July 2021 Smith Ms 12 September 2017 5 3 billion devices at risk for invisible infectious Bluetooth attack CSO Online Retrieved 28 July 2021 Osborne Charlie Two billion devices still vulnerable to Blueborne flaws a year after discovery ZDNet Retrieved 28 July 2021 BlueBorne One Year Later Armis 13 September 2018 Retrieved 28 July 2021 Staff 12 September 2017 BlueBorne Vulnerability Scanner by Armis 2017 Google Retrieved 5 January 2018 Staff 15 September 2017 Information on new BlueBorne security vulnerability Cornell University Retrieved 5 January 2018 Meyer David 13 September 2017 How to Check If You re Exposed to Those Scary BlueBorne Bluetooth Flaws Fortune Retrieved 5 January 2018 Geiger Erik 20 September 2017 BlueBorne Exposes Millions of Bluetooth Devices Wisconsin University Archived from the original on 5 January 2018 Retrieved 5 January 2018 External links editOfficial website Portal nbsp Business and economics Retrieved from https en wikipedia org w index php title BlueBorne security vulnerability amp oldid 1180458442, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.