Billions of Bluetooth Devices Could Get Hit by This Attack

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Researchers at internet of things company Armis Labs warn that more than 5.3 billion devices with Bluetooth signals are at risk of a "highly infectious" malware attack: that's most of the estimated 8.2 billion devices that use Bluetooth, which allows for our gadgets to connect and communicate wirelessly. The attack, BlueBorne, can spread without the victim doing anything or noticing it. All hackers need to spread malware is for their victims' devices to have Bluetooth turned on.

Google, Microsoft, and Apple have released patches for the vulnerability. Apple confirmed that BlueBorne is not an issue for its mobile operating system, iOS 10, or later, but Armis noted that all iOS devices with 9.3.5 or older versions are vulnerable. Microsoft released a patch for its computers in July, and anybody who updated would be protected automatically, a spokesman said. Google said Android partners received the patch in early August, but it's up to the carriers to release the updates. Pixel devices have already received the updates.
 
There's no details on how this works. As far as i know with bluetooth you have to pair devices together, it doesn't just automatically connect to everything around it. Then there's how you transfer files across bluetooth which requires the right services. It's hard enough to do anything other than audio streaming on bluetooth.
Something is very fishy about this whole thing.
 
Look for people using this and other various exploits to steal your identity at the market. I turn everything off even wifi. All they would have to do is emulate your headset to gain access.You headset is visible.
 
Can this exploit attack Bluetooth devices such as Bluetooth headphones/earbuds?
 
Gigus Fire said:
There's no details on how this works. As far as i know with bluetooth you have to pair devices together, it doesn't just automatically connect to everything around it. Then there's how you transfer files across bluetooth which requires the right services. It's hard enough to do anything other than audio streaming on bluetooth.
Something is very fishy about this whole thing.
Click to expand...

I love experts on HardOCP. Thanks, I feel safer already, Gigus Fire says it's an non-issue.
 
How is it that the security update pushed out on 2017-09-11 and installed on my LG V20 still leaves it vulnerable to this... ?
LG apparently is not on their toes on this issue.
 
The youtube video was not very detailed, but did insist that no pairing is required to compromise the target device. I suspect a flaw in the discovery hand-shake, but regardless, if you aren't sure, it would seem to be wise to turn off blue tooth on all your devices if you don't absolutely need it. At least until you know the device is patched. I doubt my old Moto-X will be getting patched. I've been very happy with it so far, and it still meets my needs (and is paid for), but now I need to consider getting a new handset. I like the hands-free mode when driving the Jeep, and that relies on blue tooth.
 
The video sounds like a briefing in some Tom Clancy game. I could do without the worrying music and processing on the vocals.
 
Google said Android partners received the patch in early August, but it's up to the carriers to release the updates.
Click to expand...

And that's the problem. Once a product is released, the manufacturers are already working on next year's version. Carriers don't care.

Hate to say it, but Android needs to take a look at how Windows is setup. Manufacturing partners can create software and drivers that interact with the core OS, but they can't modify the core OS. MS provides enough API hooks that it's a non-issue most of the time. Custom chipsets/modules that are device specific are designed with this structure in mind, so they have to create proper drivers and not just hack together a solution that modifies the core framework.

If an Android manufacturer wants to fork the OS, they can do so, but they should lose the right to use the Android trademarks. Devices labeled as Android should be able to get patches directly from the main security branch, not through a series of middlemen. They could still have their own launchers/apps, as those would be software.
 
Last edited:
Spidey329 said:
Once a product is released, the manufacturers are already working on next year's version. Carriers don't care.
Click to expand...
And why should they care? Seriously... why should they? I mean this way of thinking brings in the cash by the semi-truck full every time a new device comes out. Hell, it's practically a money printing machine!!!

Android OEM's way to make tons of money
1. Release new product.
2. Advertise the hell out of it.
3. Sit back and rake in the cash.
4. Repeat steps 1 through 4 all over again until the end of time.

Spidey329 said:
Hate to say it, but Android needs to take a look at how Windows is setup.
Click to expand...
No, what they should be doing is taking a page out of the Apple book and telling the carriers to go fuck themselves. It's our device, you keep your dirty little hands out of it. No bloat, no added shit, no nothing. Anything that the carrier wants to add needs to be added through the Google Play Store and must be able to be removed with no questions asked.

Apple essentially did that and look at them now, they have complete control over the entire ecosystem; vertical integration at its best. The hardware and software is married together in a way no other company can reproduce, this of course makes for an ecosystem that just plain works. And best of all, the carriers have no say-so in the matter and if you ask me... like Grumpy Cat said, "Good."
 
trparky said:
No, what they should be doing is taking a page out of the Apple book and telling the carriers to go fuck themselves. It's our device, you keep your dirty little hands out of it. No bloat, no added shit, no nothing. Anything that the carrier wants to add needs to be added through the Google Play Store and must be able to be removed with no questions asked.

Apple essentially did that and look at them now, they have complete control over the entire ecosystem; vertical integration at its best. The hardware and software is married together in a way no other company can reproduce, this of course makes for an ecosystem that just plain works. And best of all, the carriers have no say-so in the matter and if you ask me... like Grumpy Cat said, "Good."
Click to expand...

The problem with that approach is it takes away the "open-source" feature that Android brings to the table.
 
I'm quite relieved.

I don't use bluetooth anything and have it disabled. I've never cared for bluetooth and all the problems and headaches it has always had.
 
Skillz said:
The problem with that approach is it takes away the "open-source" feature that Android brings to the table.
Click to expand...
I have said it before and I'll say it again... Open Source is great until someone comes along and pisses in the corn flakes.

Open Source is great and all until someone abuses their power and that's exactly what the carriers have done, they have outright abused their power and overstayed their welcome. They need to be given a good swift kick in their collective asses and shoved out the door and told never to come back again.
 
bbs lm-r said:
bbs lm-r said:
Mr-Robot-Untapped-Cities-Times-Square-MTA-USA-Sam-Esmail-TV-Film-Locations-NYC.jpg
Click to expand...
Click to expand...
 
Gasaraki_ said:
I love experts on HardOCP. Thanks, I feel safer already, Gigus Fire says it's an non-issue.
Click to expand...

Come on now, I think he made a good point. But since you got out the fire poker, don't forget the experts that watch trendy YouTube videos while in a state of panic.

To save time with I'll also add:

And the experts that watch trendy YouTube videos while feeling hubristic.
 
You must log in or register to reply here.
Back
Top