Billions of Bluetooth Devices Could Get Hit by This Attack

Discussion in '[H]ard|OCP Front Page News' started by Megalith, Sep 12, 2017.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    11,092
    Joined:
    Aug 20, 2006
    Researchers at internet of things company Armis Labs warn that more than 5.3 billion devices with Bluetooth signals are at risk of a "highly infectious" malware attack: that's most of the estimated 8.2 billion devices that use Bluetooth, which allows for our gadgets to connect and communicate wirelessly. The attack, BlueBorne, can spread without the victim doing anything or noticing it. All hackers need to spread malware is for their victims' devices to have Bluetooth turned on.

    Google, Microsoft, and Apple have released patches for the vulnerability. Apple confirmed that BlueBorne is not an issue for its mobile operating system, iOS 10, or later, but Armis noted that all iOS devices with 9.3.5 or older versions are vulnerable. Microsoft released a patch for its computers in July, and anybody who updated would be protected automatically, a spokesman said. Google said Android partners received the patch in early August, but it's up to the carriers to release the updates. Pixel devices have already received the updates.
     
  2. auntjemima

    auntjemima 2[H]4U

    Messages:
    2,583
    Joined:
    Mar 1, 2014
    Being a Google flagship device is nice.
     
    ZeqOBpf6 likes this.
  3. Staples

    Staples [H]ardness Supreme

    Messages:
    7,471
    Joined:
    Jul 18, 2001
    Just another exploit that billions of Android devices will vulnerable to. And they will never be patched.
     
  4. Gigus Fire

    Gigus Fire [H]ard|Gawd

    Messages:
    1,986
    Joined:
    Oct 14, 2004
    There's no details on how this works. As far as i know with bluetooth you have to pair devices together, it doesn't just automatically connect to everything around it. Then there's how you transfer files across bluetooth which requires the right services. It's hard enough to do anything other than audio streaming on bluetooth.
    Something is very fishy about this whole thing.
     
  5. gigaxtreme1

    gigaxtreme1 2[H]4U

    Messages:
    2,978
    Joined:
    Oct 1, 2002
    Look for people using this and other various exploits to steal your identity at the market. I turn everything off even wifi. All they would have to do is emulate your headset to gain access.You headset is visible.
     
  6. trparky

    trparky Limp Gawd

    Messages:
    482
    Joined:
    Jul 23, 2009
    Can this exploit attack Bluetooth devices such as Bluetooth headphones/earbuds?
     
  7. Gasaraki_

    Gasaraki_ Limp Gawd

    Messages:
    415
    Joined:
    Oct 27, 2016
    I love experts on HardOCP. Thanks, I feel safer already, Gigus Fire says it's an non-issue.
     
  8. SDplus

    SDplus [H]Lite

    Messages:
    105
    Joined:
    May 11, 2012
    How is it that the security update pushed out on 2017-09-11 and installed on my LG V20 still leaves it vulnerable to this... ?
    LG apparently is not on their toes on this issue.
     
  9. PaulP

    PaulP Limp Gawd

    Messages:
    288
    Joined:
    Oct 31, 2016
    The youtube video was not very detailed, but did insist that no pairing is required to compromise the target device. I suspect a flaw in the discovery hand-shake, but regardless, if you aren't sure, it would seem to be wise to turn off blue tooth on all your devices if you don't absolutely need it. At least until you know the device is patched. I doubt my old Moto-X will be getting patched. I've been very happy with it so far, and it still meets my needs (and is paid for), but now I need to consider getting a new handset. I like the hands-free mode when driving the Jeep, and that relies on blue tooth.
     
  10. Gigus Fire

    Gigus Fire [H]ard|Gawd

    Messages:
    1,986
    Joined:
    Oct 14, 2004
    I didn't say that at all, i said it sounds really fishy.
     
    GoldenTiger likes this.
  11. DPI

    DPI [H]ardForum Junkie

    Messages:
    10,038
    Joined:
    Apr 20, 2013
    "This one weird Bluetooth attack everyone in <user_city> is talking about"
     
  12. bigstusexy

    bigstusexy 2[H]4U

    Messages:
    3,141
    Joined:
    Jan 28, 2002
    The video sounds like a briefing in some Tom Clancy game. I could do without the worrying music and processing on the vocals.
     
  13. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,225
    Joined:
    Dec 15, 2003
    And that's the problem. Once a product is released, the manufacturers are already working on next year's version. Carriers don't care.

    Hate to say it, but Android needs to take a look at how Windows is setup. Manufacturing partners can create software and drivers that interact with the core OS, but they can't modify the core OS. MS provides enough API hooks that it's a non-issue most of the time. Custom chipsets/modules that are device specific are designed with this structure in mind, so they have to create proper drivers and not just hack together a solution that modifies the core framework.

    If an Android manufacturer wants to fork the OS, they can do so, but they should lose the right to use the Android trademarks. Devices labeled as Android should be able to get patches directly from the main security branch, not through a series of middlemen. They could still have their own launchers/apps, as those would be software.
     
    Last edited: Sep 12, 2017
  14. trparky

    trparky Limp Gawd

    Messages:
    482
    Joined:
    Jul 23, 2009
    And why should they care? Seriously... why should they? I mean this way of thinking brings in the cash by the semi-truck full every time a new device comes out. Hell, it's practically a money printing machine!!!

    Android OEM's way to make tons of money
    1. Release new product.
    2. Advertise the hell out of it.
    3. Sit back and rake in the cash.
    4. Repeat steps 1 through 4 all over again until the end of time.

    No, what they should be doing is taking a page out of the Apple book and telling the carriers to go fuck themselves. It's our device, you keep your dirty little hands out of it. No bloat, no added shit, no nothing. Anything that the carrier wants to add needs to be added through the Google Play Store and must be able to be removed with no questions asked.

    Apple essentially did that and look at them now, they have complete control over the entire ecosystem; vertical integration at its best. The hardware and software is married together in a way no other company can reproduce, this of course makes for an ecosystem that just plain works. And best of all, the carriers have no say-so in the matter and if you ask me... like Grumpy Cat said, "Good."
     
    CompuDrew likes this.
  15. Skillz

    Skillz [H]ard DCOTM Jan 16 March 17

    Messages:
    18,655
    Joined:
    Aug 14, 2004
    The problem with that approach is it takes away the "open-source" feature that Android brings to the table.
     
  16. SmokeRngs

    SmokeRngs [H]ard|DCer of the Month - April 2008

    Messages:
    16,690
    Joined:
    Aug 9, 2001
    I'm quite relieved.

    I don't use bluetooth anything and have it disabled. I've never cared for bluetooth and all the problems and headaches it has always had.
     
    CacaSapo likes this.
  17. trparky

    trparky Limp Gawd

    Messages:
    482
    Joined:
    Jul 23, 2009
    I have said it before and I'll say it again... Open Source is great until someone comes along and pisses in the corn flakes.

    Open Source is great and all until someone abuses their power and that's exactly what the carriers have done, they have outright abused their power and overstayed their welcome. They need to be given a good swift kick in their collective asses and shoved out the door and told never to come back again.
     
  18. bbs lm-r

    bbs lm-r Limp Gawd

    Messages:
    270
    Joined:
    Sep 2, 2010
     
  19. CacaSapo

    CacaSapo Limp Gawd

    Messages:
    396
    Joined:
    Feb 22, 2010
    At least we still have our headphone jacks, for now.
     
  20. Frobozz

    Frobozz [H]ard|Gawd

    Messages:
    1,632
    Joined:
    Feb 15, 2002
    BlueBoned
     
  21. Betaboy1983

    Betaboy1983 [H]ard|Gawd

    Messages:
    1,163
    Joined:
    Dec 31, 2008
    Come on now, I think he made a good point. But since you got out the fire poker, don't forget the experts that watch trendy YouTube videos while in a state of panic.

    To save time with I'll also add:

    And the experts that watch trendy YouTube videos while feeling hubristic.