Billions of devices impacted by new Bluetooth Flaws

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Sep 13, 2017.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    48,389
    Likes Received:
    18,560
    GPU:
    AMD | NVIDIA
    Security company Armis has found a collection of eight exploits, collectively called BlueBorne, that can allow an attacker access to your phone without touching it. The attack can allow access to comp...

     
  2. Evildead666

    Evildead666 Guest

    Messages:
    1,309
    Likes Received:
    277
    GPU:
    Vega64/EKWB/Noctua
    Bluetooth has never really been that secure.

    It should be switched off when not being used, as should WiFi.
    It saves the battery too.
    Wired headphones are fine, and Bluetooth speakers seem to be overused in public transport, by assholes listening to rap music.
     
    vonSternberg, Loophole35 and airbud7 like this.
  3. Tree Dude

    Tree Dude Guest

    Messages:
    532
    Likes Received:
    3
    GPU:
    Radeon R9 270X 2GB
    The problem with this is that once you have a few BT devices it gets hard to turn it off. I use BT for my FitBit and for music in my car (music starts as soon as I start the car, no intervention necessary). So I am using BT more often than not. Same with WiFi, I have WiFi at work and at home and my city has free WiFi downtown. Why would I bother to turn it off in the few instances I am not in these places?

    It is no surprise to me that iOS has just one hole vs the 8 in Android. Apple has always been more security focused than Google which is the main reason I prefer them. I also anticipate Apple will patch it faster than Google as well.
     
  4. Denial

    Denial Ancient Guru

    Messages:
    14,206
    Likes Received:
    4,118
    GPU:
    EVGA RTX 3080
    Google already patched it with the September security updates. Problem is that those fixes don't get filtered down to Android OEMs for months, if not years, sometimes never.
     
    pimpineasy likes this.

  5. Fyew-jit-tiv

    Fyew-jit-tiv Guest

    Messages:
    857
    Likes Received:
    4
    GPU:
    EVGA 580 Hydro 3GB x2
    I don't want to start an argument but not everyone who listens to "RAP MUSIC" is an asshole. Over the TOP comment IMO.
     
  6. GroinShooter

    GroinShooter Master Guru

    Messages:
    440
    Likes Received:
    98
    GPU:
    GTX 1080 SC
    Maybe it's not about rap but more about said people blasting music they like through a speaker forcing everyone around them to listen to it whether they like it or not. A bit asshole-ish one might say. Tbh I don't get this trend either - travelling in public transport and blasting your music out loud or people running and carrying a speaker in their hand instead of using headphones, just, why?
     
    Evildead666 and airbud7 like this.
  7. fry178

    fry178 Ancient Guru

    Messages:
    2,067
    Likes Received:
    377
    GPU:
    Aorus 2080S WB
    @Tree Dude
    lol. no they are not.

    the only time i got a usb stick infected, was when i copied files to an apple on display (5 apples total),
    yet none of the other 15 windows computers (vista/7) transferred anything to the stick,
    even though they were used a lot more for "testing/surfing" than the apples.

    having less total amount of possible infections than other OSes doesn't mean it's safer.
    besides that, google how many flaws are/were known to apple os/ios, and not fixed for months/years even after being contacted by "finder" about it.

    so sure, less overall chance/risk to get infected, but most apple users don't even care to run av/malware protection (cause those devices are so safe..),
    so "one flaw" is enough to do damage...
     
    Last edited: Sep 13, 2017
  8. Tree Dude

    Tree Dude Guest

    Messages:
    532
    Likes Received:
    3
    GPU:
    Radeon R9 270X 2GB
    One instance of infection from you means nothing. Who runs an AV on their phone? I don't know anyone, Android or iOS that runs an AV. No one wants to slow their phone down.

    Google only gives you 2yrs of OS upgrades on their Nexus and Pixel phones, whereas I have a 5yr old iPhone 5 that had the latest iOS 10 on it. If you don't have a Google branded phone, well you might get updates or the manufacturer also might drop support in 6 months and move on. And that right there is the biggest risk with an Android phone. Support is the biggest mitigating factor to vulnerable devices and Apple has everyone beat. Until Google does something to fix the fragmentation of their ecosystem (oh and you know, stops mining my data for ad targeting), I will stay far, far away.
     
  9. Denial

    Denial Ancient Guru

    Messages:
    14,206
    Likes Received:
    4,118
    GPU:
    EVGA RTX 3080
    Android has a built in AV now with Play Protect and their phones receive security updates for 3 years, it's major OS updates that are only 2 years - but yeah, in general their security is not as good as Apple's and a large part of that is what you mentioned, fragmentation in the hardware ecosystem and failure to support their own devices for longer periods of time. They've made improvements recently with the monthly update program and whatnot but it's still rather lackluster.
     
  10. Yxskaft

    Yxskaft Maha Guru

    Messages:
    1,495
    Likes Received:
    124
    GPU:
    GTX Titan Sli
    I started using an AV on my smartphone and tablet when support stopped, shortly after Android 6 was made available.
     

  11. __hollywood|meo

    __hollywood|meo Ancient Guru

    Messages:
    2,991
    Likes Received:
    139
    GPU:
    6700xt @2.7ghz
    someone was telling me about this very experiment today. if i want to access my phone through another device, ill hardwire it, thanks. the internet of things is a pointless fad, much like VR. until theres something...anything...concrete to gain, im opting out. thats the issue at hand here - theres no functionality that i benefit from thats worth the security risk of constantly broadcasting my device.

    i say that fully understanding that many other people ignore risks due to rationalizations of probability (bad things happen but they wont happen to me), or simply disregard them instead due to rationalization of importance/relevance (nothing to hide, nothing to fear fallacy)

    no, they havent. nobody bothers writing viruses for apple products because they control a sliver of the desktop market (dont mention servers). inb4 iphones are everywhere...up until very recently, penetrating smartphones didnt get hackers much sensitive information besides the odd credit card.

    their adherence to updating their devices software is based upon their ideological want/need to have every device operating under one condition or environment - not to have a more secure OS, but to easily control stability/functionality problems that arise through a new patch. pls note im not defending android devices topping out at particular iterations; thats a very legit complaint, & shy of hardware incompatibility, it frankly shouldnt happen at all.
     
  12. Evildead666

    Evildead666 Guest

    Messages:
    1,309
    Likes Received:
    277
    GPU:
    Vega64/EKWB/Noctua
    Yes, this.

    Invariably, it's rap music, on a BT speaker, loud enough for me to hear it above my in-ear headphones.
     
  13. Tree Dude

    Tree Dude Guest

    Messages:
    532
    Likes Received:
    3
    GPU:
    Radeon R9 270X 2GB
    People have been using their smartphones and tablets for almost everything for over 5yrs now, not as recent as you think. And Apple's support is absolutely security focused, the last iOS update was a slew of security fixes. Frequent and consistent patching is the only way to be secure, everything else is secondary. Also you can write a virus and put it in Google's app store and it will hit hundreds of devices before Google removes it. Apple you can't do that because they have an approval process. The OS fragmentation and wide open app store are the reasons why Android phones are far less secure than iOS. We can bicker over Apple's motivations, but they did not have to put end to end iCloud encryption in place. They did not have to encrypt iCloud backups in a way that even they cannot access them. That was done purely for security.
     
  14. pimpineasy

    pimpineasy Guest

    Messages:
    262
    Likes Received:
    13
    GPU:
    1050ti/Rx570
  15. -Tj-

    -Tj- Ancient Guru

    Messages:
    18,097
    Likes Received:
    2,603
    GPU:
    3080TI iChill Black
    So Bluetooth LE is ok then, I think most newer android phones use this type, no?

    My galaxy alpha is now ~3yrs old and has LE version of it.

     

  16. __hollywood|meo

    __hollywood|meo Ancient Guru

    Messages:
    2,991
    Likes Received:
    139
    GPU:
    6700xt @2.7ghz
    yeah, tj.

    i took that into account making my statement.

    that is laudable. i did also say that the curiously inconsistent OS version support for android hardware is a valid & major issue. cloud encryption doesnt refute my assertion. if you ask me, the cloud shouldnt exist in the first place. its very presence is a security risk vs local storage regardless of encryption methods.

    again, consolidated iOS version is done because they dont want to write two or three patches, updates, wrappers, watever, for the same applet/OS codebase in order for the hardware to work the way they want it to. thats the only leg up they might have that i see, personally, & thats not much. ive done a few security audits/pentests on wired, wireless, mobile, even airgap...that being said, i havent tested iOS11 yet.

    i talked to a security chief (friend of a friend i just met) who was bragging about his fortune200 company using apple products today who insisted the company issued mobile phones were basically impenetrable. the guy always has bluetooth enabled. guess wat? so do his employees & associates. that was a tough conversation until the talk got technical & he stopped arguing...you dont have to root your mobile for the device to be compromised...
     
    -Tj- likes this.
  17. Evildead666

    Evildead666 Guest

    Messages:
    1,309
    Likes Received:
    277
    GPU:
    Vega64/EKWB/Noctua
    It looks like it has to only support Bluetooth LE.
    Your phone supporting Bluetooth 4 is affected.

    Bluetooth LE only devices must be these IoT things that are being touted as the next coming of Jesus, when they are just as vulnerable, but in other ways....or smartwatches/health bands, etc...
     
