Английская Википедия:BlueBorne (security vulnerability)
Шаблон:Use dmy dates BlueBorne is a type of security vulnerability with Bluetooth implementations in Android, iOS, Linux and Windows.[1][2][3] It affects many electronic devices such as laptops, smart cars, smartphones and wearable gadgets. One example is Шаблон:CVE. The vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017.[1][2][4][5][6] According to Armis, "The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today [2017]."[1]
History
The BlueBorne security vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017.[1]
Technical Information
The BlueBorne vulnerabilities are a set of 8 separate vulnerabilities.[7] They can be broken down into groups based upon platform and type. There were vulnerabilities found in the Bluetooth code of the Android, iOS, Linux and Windows platforms:[8]
- Linux kernel RCE vulnerability - CVE-2017-1000251[9]
- Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-1000250[10]
- Android information Leak vulnerability - CVE-2017-0785[11]
- Android RCE vulnerability #1 - CVE-2017-0781[12]
- Android RCE vulnerability #2 - CVE-2017-0782[13]
- The Bluetooth Pineapple in Android - Logical Flaw CVE-2017-0783[14]
- The Bluetooth Pineapple in Windows - Logical Flaw CVE-2017-8628[15]
- Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315[16]
The vulnerabilities are a mixture of information leak vulnerabilities, remote code execution vulnerability or logical flaw vulnerabilities. The Apple iOS vulnerability was a remote code execution vulnerability due to the implementation of LEAP (Low Energy Audio Protocol). This vulnerability was only present in older versions of the Apple iOS.[17]
Impact
In 2017, BlueBorne was estimated to potentially affect all the 8.2 billion Bluetooth devices worldwide,[1] although they clarify that 5.3 billion Bluetooth devices are at risk.[18] Many devices are affected, including laptops, smart cars, smartphones and wearable gadgets.[1][2][4][5][6]
In 2018, after one year after the original disclosure, Armis estimated that over 2 billion devices were still vulnerable.[19][20]
Mitigation
Google provides a BlueBorne vulnerability scanner from Armis for Android.[21] ProceduresШаблон:Clarify to help protect devices from the BlueBorne security vulnerabilities were reported by September 2017.[22][23][24]Шаблон:Update after
References
External links
Шаблон:Hacking in the 2010s Шаблон:Portal bar
- ↑ 1,0 1,1 1,2 1,3 1,4 1,5 Шаблон:Cite news
- ↑ 2,0 2,1 2,2 Шаблон:Cite news
- ↑ Шаблон:Cite web
- ↑ 4,0 4,1 Шаблон:Cite magazine
- ↑ 5,0 5,1 Шаблон:Cite web
- ↑ 6,0 6,1 Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web