Menu
Home Explore People Places Arts History Plants & Animals Science Life & Culture Technology
On this page
BlueBorne (security vulnerability)
Bluetooth vulnerability, an attack vector

BlueBorne is a type of security vulnerability with Bluetooth implementations in Android, iOS, Linux and Windows. It affects many electronic devices such as laptops, smart cars, smartphones and wearable gadgets. One example is CVE-2017-14315. The vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017. According to Armis, "The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today [2017]."

We don't have any images related to BlueBorne (security vulnerability) yet.
We don't have any YouTube videos related to BlueBorne (security vulnerability) yet.
We don't have any PDF documents related to BlueBorne (security vulnerability) yet.
We don't have any Books related to BlueBorne (security vulnerability) yet.
We don't have any archived web articles related to BlueBorne (security vulnerability) yet.

History

The BlueBorne security vulnerabilities were first reported by Armis, the asset intelligence cybersecurity company, on 12 September 2017.10

Technical Information

The BlueBorne vulnerabilities are a set of 8 separate vulnerabilities.11 They can be broken down into groups based upon platform and type. There were vulnerabilities found in the Bluetooth code of the Android, iOS, Linux and Windows platforms:12

  • Linux kernel RCE vulnerability - CVE-2017-100025113
  • Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-100025014
  • Android information Leak vulnerability - CVE-2017-078515
  • Android RCE vulnerability #1 - CVE-2017-078116
  • Android RCE vulnerability #2 - CVE-2017-078217
  • The Bluetooth Pineapple in Android - Logical Flaw CVE-2017-078318
  • The Bluetooth Pineapple in Windows - Logical Flaw CVE-2017-862819
  • Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-1431520

The vulnerabilities are a mixture of information leak vulnerabilities, remote code execution vulnerability or logical flaw vulnerabilities. The Apple iOS vulnerability was a remote code execution vulnerability due to the implementation of LEAP (Low Energy Audio Protocol). This vulnerability was only present in older versions of the Apple iOS.21

Impact

In 2017, BlueBorne was estimated to potentially affect all the 8.2 billion Bluetooth devices worldwide,22 although they clarify that 5.3 billion Bluetooth devices are at risk.23 Many devices are affected, including laptops, smart cars, smartphones and wearable gadgets.2425262728

In 2018, after one year after the original disclosure, Armis estimated that over 2 billion devices were still vulnerable.2930

Mitigation

Google provides a BlueBorne vulnerability scanner from Armis for Android.31 Procedures to help protect devices from the BlueBorne security vulnerabilities were reported by September 2017.323334[needs update]

References

  1. Staff (12 September 2017). "The Attack Vector "BlueBorne" Exposes Almost Every Connected Device". Armis.com. Retrieved 5 January 2018. https://www.armis.com/blueborne/

  2. Staff (12 September 2017). "BlueBorne - Protecting the Enterprise from BlueBorne" (PDF). Armis.com. Archived from the original (PDF) on 20 December 2017. Retrieved 5 January 2018. https://web.archive.org/web/20171220084324/http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf

  3. Biggs, Jpohn (12 September 2017). "New Bluetooth vulnerability can hack a phone in 10 seconds". TechCrunch. Retrieved 5 January 2018. https://techcrunch.com/2017/09/12/new-bluetooth-vulnerability-can-hack-a-phone-in-ten-seconds/

  4. Staff (12 September 2017). "The Attack Vector "BlueBorne" Exposes Almost Every Connected Device". Armis.com. Retrieved 5 January 2018. https://www.armis.com/blueborne/

  5. Staff (12 September 2017). "BlueBorne - Protecting the Enterprise from BlueBorne" (PDF). Armis.com. Archived from the original (PDF) on 20 December 2017. Retrieved 5 January 2018. https://web.archive.org/web/20171220084324/http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf

  6. Newman, Lily Hay (13 September 2017). "Hey, Turn Bluetooth Off When You're Not Using It". Wired. Retrieved 5 January 2018. https://www.wired.com/story/turn-off-bluetooth-security/

  7. Hildenbrand, Jerry (16 September 2017). "Let's talk about Blueborne, the latest Bluetooth vulnerability". AndroidCentral.com. Retrieved 5 January 2018. https://www.androidcentral.com/lets-talk-about-blueborne-latest-bluetooth-vulnerability

  8. Kerner, Sean Michael (12 September 2017). "BlueBorne Bluetooth Flaws Put Billions of Devices at Risk". eWeek. Retrieved 5 January 2018. http://www.eweek.com/security/blueborne-bluetooth-flaws-put-billions-of-devices-at-risk

  9. Staff (12 September 2017). "The Attack Vector "BlueBorne" Exposes Almost Every Connected Device". Armis.com. Retrieved 5 January 2018. https://www.armis.com/blueborne/

  10. Staff (12 September 2017). "The Attack Vector "BlueBorne" Exposes Almost Every Connected Device". Armis.com. Retrieved 5 January 2018. https://www.armis.com/blueborne/

  11. "BlueBorne Whitepaper" (PDF). Archived (PDF) from the original on 5 May 2020. https://info.armis.com/rs/645-PDC-047/images/BlueBorne%20Technical%20White%20Paper_20171130.pdf

  12. "An Analysis of BlueBorne: Bluetooth Security Risks". Decipher. Retrieved 28 July 2021. https://duo.com/decipher/an-analysis-of-blueborne-bluetooth-security-risks

  13. "NVD - CVE-2017-1000251". nvd.nist.gov. Retrieved 28 July 2021. https://nvd.nist.gov/vuln/detail/CVE-2017-1000251

  14. "NVD - CVE-2017-1000250". nvd.nist.gov. Retrieved 28 July 2021. https://nvd.nist.gov/vuln/detail/CVE-2017-1000250

  15. "NVD - CVE-2017-0785". nvd.nist.gov. Retrieved 28 July 2021. https://nvd.nist.gov/vuln/detail/CVE-2017-0785

  16. "NVD - CVE-2017-0781". nvd.nist.gov. Retrieved 28 July 2021. https://nvd.nist.gov/vuln/detail/CVE-2017-0781

  17. "NVD - CVE-2017-0782". nvd.nist.gov. Retrieved 28 July 2021. https://nvd.nist.gov/vuln/detail/CVE-2017-0782

  18. "NVD - CVE-2017-0783". nvd.nist.gov. Retrieved 28 July 2021. https://nvd.nist.gov/vuln/detail/CVE-2017-0783

  19. "NVD - CVE-2017-8628". nvd.nist.gov. Retrieved 28 July 2021. https://nvd.nist.gov/vuln/detail/CVE-2017-8628

  20. "NVD - CVE-2017-14315". nvd.nist.gov. Retrieved 28 July 2021. https://nvd.nist.gov/vuln/detail/CVE-2017-14315

  21. "What is BlueBorne? An Apple Device FAQ". The Mac Security Blog. 22 September 2017. Retrieved 28 July 2021. https://www.intego.com/mac-security-blog/what-is-blueborne-an-apple-device-faq/

  22. Staff (12 September 2017). "The Attack Vector "BlueBorne" Exposes Almost Every Connected Device". Armis.com. Retrieved 5 January 2018. https://www.armis.com/blueborne/

  23. Smith, Ms (12 September 2017). "5.3 billion devices at risk for invisible, infectious Bluetooth attack". CSO Online. Retrieved 28 July 2021. https://www.csoonline.com/article/3224365/53-billion-devices-at-risk-for-invisible-infectious-bluetooth-attack.html

  24. Staff (12 September 2017). "The Attack Vector "BlueBorne" Exposes Almost Every Connected Device". Armis.com. Retrieved 5 January 2018. https://www.armis.com/blueborne/

  25. Staff (12 September 2017). "BlueBorne - Protecting the Enterprise from BlueBorne" (PDF). Armis.com. Archived from the original (PDF) on 20 December 2017. Retrieved 5 January 2018. https://web.archive.org/web/20171220084324/http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf

  26. Newman, Lily Hay (13 September 2017). "Hey, Turn Bluetooth Off When You're Not Using It". Wired. Retrieved 5 January 2018. https://www.wired.com/story/turn-off-bluetooth-security/

  27. Hildenbrand, Jerry (16 September 2017). "Let's talk about Blueborne, the latest Bluetooth vulnerability". AndroidCentral.com. Retrieved 5 January 2018. https://www.androidcentral.com/lets-talk-about-blueborne-latest-bluetooth-vulnerability

  28. Kerner, Sean Michael (12 September 2017). "BlueBorne Bluetooth Flaws Put Billions of Devices at Risk". eWeek. Retrieved 5 January 2018. http://www.eweek.com/security/blueborne-bluetooth-flaws-put-billions-of-devices-at-risk

  29. Osborne, Charlie. "Two billion devices still vulnerable to Blueborne flaws a year after discovery". ZDNet. Retrieved 28 July 2021. https://www.zdnet.com/article/two-billion-devices-still-exposed-after-blueborne-vulnerabilities-reveal/

  30. "BlueBorne: One Year Later". Armis. 13 September 2018. Retrieved 28 July 2021. https://www.armis.com/blog/blueborne-one-year-later/

  31. Staff (12 September 2017). "BlueBorne Vulnerability Scanner by Armis - 2017". Google. Retrieved 5 January 2018. https://play.google.com/store/apps/details?id=com.armis.blueborne_detector&hl=en

  32. Staff (15 September 2017). "Information on new BlueBorne security vulnerability". Cornell University. Retrieved 5 January 2018. https://its.weill.cornell.edu/news-and-alerts/news/information-on-new-blueborne-security-vulnerability

  33. Meyer, David (13 September 2017). "How to Check If You're Exposed to Those Scary BlueBorne Bluetooth Flaws". Fortune. Retrieved 5 January 2018. http://fortune.com/2017/09/13/armis-blueborne-bluetooth-ios-android-windows-linux/

  34. Geiger, Erik (20 September 2017). ""BlueBorne" Exposes Millions of Bluetooth Devices". Wisconsin University. Archived from the original on 5 January 2018. Retrieved 5 January 2018. https://web.archive.org/web/20180105233711/https://it.wisc.edu/news/blueborne-exposes-millions-bluetooth-devices/