Board Stats

  • stats Total de Usuarios: 23304
  • stats Total de Mensajes: 108273
  • stats Total de Temas: 10416
  • stats Total de Categorías: 15
  • stats Total de Foros: 74
  • stats Máx. usuarios conectados (simultáneamente): 1021

Ultimo registro



Autor Tema: BlueBorne - miles de millones de dispositivos Bluetooth afectados  (Leído 2687 veces)

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado maripuri

  • Master
  • Usuario
  • ******
  • Mensajes: 23113
  • Mari
    • WirelessWindows
BlueBorne - miles de millones de dispositivos Bluetooth afectados
« en: Septiembre 21, 2017, 21:14:03 pm »


<a href="http://www.youtube.com/watch?v=LLNtZKpL0P8" target="_blank">http://www.youtube.com/watch?v=LLNtZKpL0P8</a>








Hace unos días la empresa de seguridad Armis publicó una serie de vulnerabilidades muy graves en el protocolo Bluetooth:


What Is BlueBorne?

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.

¿Qué es BlueBorne?

BlueBorne es un vector de ataque por el que los hackers pueden aprovechar las conexiones Bluetooth para penetrar y tomar el control total sobre los dispositivos objetivo. BlueBorne afecta a las computadoras ordinarias, los teléfonos móviles y el ámbito en expansión de los dispositivos IoT. El ataque no requiere que el dispositivo objetivo se empareje con el dispositivo del atacante, o incluso que se fije en modo detectable. Armis Labs ha identificado hasta ahora ocho vulnerabilidades de día cero, que indican la existencia y el potencial del vector de ataque. Armis cree que muchas más vulnerabilidades esperan ser descubiertas en las diversas plataformas que usan Bluetooth. Estas vulnerabilidades son plenamente operativas y pueden ser aprovechadas con éxito, como lo demuestra nuestra investigación. El vector de ataque BlueBorne puede ser usado para llevar a cabo una amplia gama de ofensas, incluyendo la ejecución remota de código así como ataques Man-in-The-Middle.

What Is The Risk?

The BlueBorne attack vector has several qualities which can have a devastating effect when combined. By spreading through the air, BlueBorne targets the weakest spot in the networks’ defense – and the only one that no security measure protects. Spreading from device to device through the air also makes BlueBorne highly infectious. Moreover, since the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device.

Unfortunately, this set of capabilities is extremely desireable to a hacker. BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices like the Mirai Botnet or mobile devices as with the recent WireX Botnet. The BlueBorne attack vector surpasses the capabilities of most attack vectors by penetrating secure “air-gapped” networks which are disconnected from any other network, including the internet.


¿Cuál es el riesgo?

El vector de ataque BlueBorne tiene varias cualidades que pueden tener un efecto devastador cuando se combina. Al extenderse por el aire, BlueBorne apunta al punto más débil en la defensa de las redes - y el único que ninguna medida de seguridad protege. El esparcimiento de dispositivo en dispositivo a través del aire también hace que BlueBorne sea altamente infeccioso. Además, dado que el proceso Bluetooth tiene altos privilegios en todos los sistemas operativos, su explotación proporciona un control virtualmente completo sobre el dispositivo.

Desafortunadamente, este conjunto de capacidades es extremadamente deseable para un hacker. BlueBorne puede servir a cualquier objetivo malicioso, como el espionaje cibernético, el robo de datos, el rescate de software, e incluso la creación de grandes botnets a partir de dispositivos IOT como el Mirai Botnet o dispositivos móviles como con el reciente WireX Botnet. El vector de ataque BlueBorne sobrepasa las capacidades de la mayoría de los vectores de ataque penetrando en redes seguras con "aberturas de aire" que se desconectan de cualquier otra red, incluyendo Internet.


(..)  continua en el articulo original..




BlueBorne (así se denomina el vector de ataque) deja comprometidos a miles de millones de dispositivos con capacidad Bluetooth y aunque ya se han publicado parches para sistemas operativos como linux la desfragmentanción del sistema Android puede dar paso a una brecha muy grave de corregir.   Está por ver si los fabricantes entregan un parche..  mientras tanto mejor tener desactivado el Bluetooth de tu dispositivo.


Citar

Affected Devices

The threat posed by the vulnerabilities Armis disclosed

The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use. This means almost every computer, mobile device, smart TV or other IoT device running on one of these operating systems is endangered by at least one of the eight vulnerabilities. This covers a significant portion of all connected devices globally.

What Devices Are Affected?

Android

All Android phones, tablets, and wearables (except those using only Bluetooth Low Energy) of all versions are affected by four vulnerabilities found in the Android operating system, two of which allow remote code execution (CVE-2017-0781 and CVE-2017-0782), one results in information leak (CVE-2017-0785) and the last allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-0783).

Examples of impacted devices:

Google Pixel
Samsung Galaxy
Samsung Galaxy Tab
LG Watch Sport
Pumpkin Car Audio System

Google has issued a security update patch and notified its partners. It was available to Android partners on August 7th, 2017, and made available as part of the September Security Update and Bulletin on September 4, 2017. We recommend that users check that Bulletin for the latest most accurate information. Android users should verify that they have the September 9, 2017 Security Patch Level,
Note to Android users: To check if your device is at risk or is the devices around you are at risk, download the Armis BlueBorne Scanner App on Google Play.

Windows

All Windows computers since Windows Vista are affected by the “Bluetooth Pineapple” vulnerability which allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-8628).

Microsoft issued has security patches to all supported Windows versions on July 11, 2017, with coordinated notification on Tuesday, September 12. We recommend that Windows users should check with the Microsoft release at here for the latest information.

Linux

Linux is the underlying operating system for a wide range of devices. The most commercial, and consumer-oriented platform based on Linux is the Tizen OS.

All Linux devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250).
All Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (CVE-2017-1000251)

Examples of impacted devices:

Samsung Gear S3 (Smartwatch)
Samsung Smart TVs
Samsung Family Hub (Smart refrigerator)

Patches to Linux vulnerabilities have been pushed to the upstream projects. The information leak vulnerability was patched here, and the remote code execution was patched here Linux distributions have started to push updates as well, please look for specific updates made by your distribution.

iOS

All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability (CVE-2017-14315). This vulnerability was already mitigated by Apple in iOS 10, so no new patch is needed to mitigate it. We recommend you upgrade to the latest iOS or tvOS available.

If you are concerned that your device may not be patched, we recommend disabling Bluetooth, and minimizing its use until you can confirm a patch is issued and installed on your device.



La empresa de seguridad Armis ha puesto a disposición de los usuarios de Android una aplicación para comprobar si el dispositivo o dispositivos a su alrededor están afectados por BlueBorne

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  / Google Play.

Recomiendo leer detenidamente la exposición de la brecha en la web de Armis:

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.



Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
No preguntes sobre temas del foro por privado, participa en el.