really serious bluetooth vulnerabilities

Discussion in 'Technical' started by sec_monkey, Sep 12, 2017.


  1. sec_monkey

    sec_monkey SM Security Administrator


    [tea] [coffee] monkeys

    turn off bluetooth on all devices immediately, then install the patches/fixes as soon as they become available

    see BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices [ bleepingcomputer ]

    microsoft win, iOS, Android, Linux [ plus potentially all other operating systems ] are affected
     
  2. oil pan 4

    oil pan 4 Monkey+++

    A wireless nerd I know has been saying for years "bluetooth is a hackers wet dream come true".
    If that means what I think it means then always leaving Bluetooth off on my wireless devices has likely been a smart move.
     
    sec_monkey likes this.
  3. sec_monkey

    sec_monkey SM Security Administrator

    yep been sayin that too
     
  4. ALynne

    ALynne Monkey

    Thank you
     
  5. Motomom34

    Motomom34 Moderator Moderator

    What about cars with Bluetooth?
     
  6. sec_monkey

    sec_monkey SM Security Administrator

    they are affected too :(
     
  7. Motomom34

    Motomom34 Moderator Moderator

    Okay.... So how does one turn off an auto Bluetooth? It always seems to be on
     
  8. sec_monkey

    sec_monkey SM Security Administrator

    it varies based on the infotainment/nav system provider(s), users have to mess with the system to find the setting(s) or have to search for the docs online

    some devices might never receive a fix :cry: :mad:
     
    Motomom34 likes this.
  9. Cruisin Sloth

    Cruisin Sloth Special & Slow

    It's in the infotainment area BUT thats what all car drivers are using to pair in there phones (more than one up to 4 in the euro world )
    We use Proprietary TDK Bluetooth with revolving code for our main bluetooth in talking to the main systems , NOT the phone !! thats an open bluetooth . Mine only connects with the Diagnosing tool made from the manufacture (VAG , BMW,Volvo MB, )
     
  10. BTPost

    BTPost Old Fart Snow Monkey Moderator

    Actually it ALL depends on who wrote the Bluetooth Protocol Stack...95% of ALL BlueTooth devices use the original BlueTooth Stack, implemented in the Devices Firmware... And this is where the issue is found... This Firmware is implemented in the Chips from the OEM.... YES, it can be overwritten, with a Patch, IF and ONLY IF, the Devices Protocol Stack allows this function... Some do and some do NOT... That depends on the Devices implementation of the BlueTooth Driver that is written by THE DEVICES OEM, and NOT the Chips OEM... APPLE has patched it's iPhone/iPad/iTouch/iWatch in the 10.0 or later iOS... They still need to fix OSX, and AppleTv Operating Systems... Anything that will not run their latest version of their Software, may or may NOT Ever get Patched... Tomorrow I will query the BearTooth Folks, and see what they are doing... for their product...
     
  11. Motomom34

    Motomom34 Moderator Moderator

    What is the harm in having your Bluetooth hacked? What is the danger to me?
     
  12. BTPost

    BTPost Old Fart Snow Monkey Moderator

    @Motomom34 The danger here is... by exploiting these vulnerabilities an outsider can walk by you, (Inside the 30Ft BlueTooth Range) and connect to your device, install Malware, Backdoor, or whatever they choose, and you, as the User, will have NO Indication that it has happened, and your information is compromised.... THAT is the issue here....
     
    Motomom34 likes this.
  13. Bandit99

    Bandit99 Monkey+++

    Mine has been off for years. I turn it on only when I want a photo from someone then immediately turn it off. In fact, I turn the internet off also (the data) and everything else.

    I sort of look at my mobile phone as a firearm. It is dangerous if used improperly or letting others have access to it. As such, I control it at all times just like my firearm.
     
    Motomom34 likes this.
  14. Motomom34

    Motomom34 Moderator Moderator

    Thanks for explaining that. I know ones needs RFID wallets and such but never thought of my car. Really spotlights how vulnerable and at risk people are.
     
  15. Ura-Ki

    Ura-Ki Grudge Monkey

    I have a Bluetooth hotspot that links my laptop and cell phones for business, it's nearly impossible to run with out as I need my hot spot to get any signal for my phones. This is going to cause I'm numberd problems for me and there is no fix as of yet!
     
    Motomom34 likes this.
  16. Cruisin Sloth

    Cruisin Sloth Special & Slow

    If the computer has a BT unit , then the TDK unit will not function , It will only let one BT & it will NOT allow open BT via a serial number & password connection to the device if the device had been hard wired in once .
    Encryption is huge since I run 6 diagnosing units off one laptop in a area of 20 guys who have the same .
    No ones phone is seen & they can't see our BT units .
    1999 -2004 was the POS BT till Nokia released ours.
    There is NO open air pairing !
    Sloth
     
  17. aardbewoner

    aardbewoner judge a human on how he act,not on look and talk.

    No hope that my android phone will be updated,and the ear set is connected with bluetooth.
    Prove that closed software and machines are a bad thing.And the threat that can be hidden in control chips
    made in .... that are in your hard disk,cpu (intel),IoT or even your coffee machine.
     
  18. aardbewoner

    aardbewoner judge a human on how he act,not on look and talk.

    It,s not only bluetooth,all smartphones where the OS is not updated !
    Backdoors in chips, all that apps, that do how know what ! Save energy, go wireless lol.
     
  19. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Verizon has released an update for at least the Samsung Galaxy S6 that incorporates the patch for this vulnerability.

    Just updated and checked. Assuming the checking app published by the company that initially discovered the vulnerability is accurate. Prior to this update, the app did report that my phone was vulnerable, now it reports that it is not.
     
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7