BlueBorne – Don’t Panic!

September 12, 2017, Communications Team, Coalfire

Here is what we know right now:

  • Security company Armis recently released research identifying eight newly discovered vulnerabilities in the Bluetooth wireless communications protocol, which could potentially affect a large percentage of the estimated 8.2 billion Bluetooth-enabled devices, including laptops, mobile phones, and other IoT devices.
  • There are several vulnerabilities present that, at worst, could allow a remote attacker to take control of your system. In theory, initial control could be established over Bluetooth and then used to install traditional network-based command and control tools. The possibility of worm-style attacks in the wild exists; however, there are currently no known instances of this actually occurring, and the difficulty level of writing a single worm to impact all devices is high.
  • Finally, these vulnerabilities can only be used against devices within the effective Bluetooth range of the attacker (33 feet on average for mobile phones and headsets, and 328 feet on average for laptops and desktops), unless the attacker uses range-extending antennas or other similar technology.

Who’s affected
While these vulnerabilities should be taken seriously, there are patches available for most of the common operating systems used in these types of devices:

  • Apple: The discovered vulnerabilities impact iOS versions 9.3.5 and lower for iPads and iPhones. Apple mitigated these vulnerabilities when it released iOS 10 last September. However, tvOS is affected and will be addressed by a patch soon.
  • Microsoft: Microsoft Windows is affected, and a patch for all supported versions of the Windows operating system can be installed as of Tuesday, September 12, 2017 at 10 a.m. using the Microsoft Update tool.
  • Google: Google released a patch for this vulnerability on Android versions Marshmallow (6.0) and Nougat (7.0) on August 7, 2017 and made it available to its partners on the same day. It was incorporated into the September Security Update, which was pushed to all Nexus and Pixel devices covering every Android version since KitKat. While other Android device manufacturers received the patch a month ago, the delivery date of patches will vary by manufacturer. If you are unable to determine whether you have the September Security Update and want to verify whether your Android device is susceptible to this attack, Armis has provided a BlueBorne Scanner App on the Google Play Store.

Guidance for Individuals

  • Ensure you are up to date on all patches issued by your technology vendors.  
  • Check your mobile device to ensure it has either been updated or has a pending update to install. If it has a pending install, do it immediately!
  • Ensure that your home devices are up to date as well, and don't neglect your Internet of Things (IoT) devices. Cameras, TVs, thermostats, and other home devices generally use various builds of Linux to power their functionality. They could be affected too, so be sure to check with your vendor frequently over the coming days and weeks for any relevant updates.
  • If you find that an update is not available for your device, turn off Bluetooth except when necessary. Android devices in particular may rely on your cellular carrier and/or phone manufacturer to ship the update. Keep checking for updates.  

Guidance for Organizations

  • Ensure that your security team has a timely and effective patch management process – and where possible, is leveraging an automated patch management solution.
  • If you haven’t already, explore centralized configuration management and mobile device management solutions, which help to manage the configuration of a large number of computers / mobile devices using a central configuration model. This enables reconciliation between the client/device state and the central configuration specification. 
  • Continually reinforce good security hygiene with staff and instill a security-conscious environment.
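
As an added illustration of the reconciliation step described above (this is not Coalfire's or Armis's code), the sketch below compares a device inventory against a central baseline built from the "Who's affected" list and reports drift with the matching guidance. The inventory field names, the sample devices, the Android patch-level string 2017-09-01, and the use of the last installed update date for Windows are assumptions.

```python
from datetime import date

# Central baseline: an assumed encoding of the "Who's affected" list above.
# The Android date assumes the September update reports level 2017-09-01.
BASELINE = {
    "ios": ("version", (10,)),  # iOS 9.3.5 and lower are affected
    "android": ("patch_date", date(2017, 9, 1)),
    "windows": ("patch_date", date(2017, 9, 12)),
}

def parse_version(text):
    """'9.3.5' -> (9, 3, 5); raises ValueError on malformed input."""
    return tuple(int(part) for part in text.split("."))

def assess(device):
    """Return (status, action) for one inventory record."""
    rule = BASELINE.get(device["platform"].lower())
    if rule is None:  # e.g. tvOS or Linux-based IoT: no fixed build named
        return "unknown", "check vendor for updates; limit Bluetooth use"
    kind, minimum = rule
    try:
        if kind == "version":
            current = parse_version(device["os_version"])
        else:
            current = date.fromisoformat(device["patch_level"])
    except (KeyError, TypeError, ValueError):
        return "unknown", "state not reported; re-inventory device"
    if current >= minimum:
        return "compliant", "none"
    if device.get("update_available"):
        return "drift", "install pending update"
    return "drift", "turn off Bluetooth except when necessary"

def reconcile(inventory):
    """Map device id -> (status, action) for every record."""
    return {dev["id"]: assess(dev) for dev in inventory}

# Constructed sample inventory (hypothetical devices and field names).
INVENTORY = [
    {"id": "ipad-07", "platform": "iOS", "os_version": "9.3.5", "update_available": True},
    {"id": "iphone-12", "platform": "iOS", "os_version": "10.3.3"},
    {"id": "pixel-03", "platform": "Android", "patch_level": "2017-09-05"},
    {"id": "handset-44", "platform": "Android", "patch_level": "2017-07-01"},
    {"id": "kiosk-02", "platform": "Windows", "patch_level": "2017-08-08"},
    {"id": "lobby-tv", "platform": "tvOS", "os_version": "10.2"},
]

if __name__ == "__main__":
    for dev_id, (status, action) in reconcile(INVENTORY).items():
        print(f"{dev_id:11} {status:10} {action}")
```

Devices that report no state, or run a platform with no fixed build named on this page, come back as "unknown" rather than compliant, so they stay on the follow-up list.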

How Can Coalfire Help?
Coalfire has a broad range of services to support vulnerability identification and management. For assistance with your cybersecurity program, please contact your Coalfire representative: call (877) 224-8077, or fill out our contact form.
