Security: Blue Borne (A Bluetooth Malware)
Blue Borne (💀A Bluetooth Malware💀)
Nowadays Bluetooth is the secondary option while we either send the file or receive the file. But only Bluetooth is the cheapest wireless technology we previously prefer at the first but now at the last. It doesn't mean that the importance will reduce but yes it holds the last indeed.
Bluetooth is a wireless technology standard for exchanging data over short distance(range is about >10m) 33ft. Invented by telecom vendor Ericsson in 1994. Bluetooth is managed by the Bluetooth Special Interest Group(SIG), which has more than 30,000 member companies in the areas of telecommunication, computing. Bluetooth is a standard wire-replacement communication protocol primarily designed for low-power consumption, with a short range based on low-cost transceiver microchips in each device.
Introduction to BlueBorne Attack
Security researchers have just discovered total 8 Zero day vulnerabilites in Blurtooth protocol that impact more than 5.6 Billion devices-using the sort range wireless coomunication technology. Using these vlnerablites, security reserchers at IoT security firm Armis have devised an attack, dubbed BlueBorne, which could allow attackers to completely take over Bluetooth-enabled devices, spread malware, or even establish a "men in the middle" connection to gain access to devices critical data and networks without requiring any victim interaction.
The Power of attack is Remote code. Basically Remote code is just like the control remotely on victim's device(doesn't matter how far or near it is because of man in the middle process). Hackers will run any command and can control with the help of Remote code execution. If we talking about its working just because of Man in the middle attack is attack made more easy and untraceable because of (MIM).
Risk Section
The BlueBorne attack vector has seveal qualities which can have a devastating effect when combined. By spreading through the air, BlueBorne target the weakest spot in the netwerk firewall and the only one that no security measure protects. Spreading from device to device through the air also makes BlueBorne highly infection. Moreover, since the Bluetooth process has high privileges on all operating system, exploiting it provides virtually full control over the device.
Unfortunately, this set of capablities is extremely desireable to a hacker. BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices like the Mirai Botnet or mobile devices as with the recent WireX Botnet. The BlueBorne attack vector surpasses the capablities of most attack vectors by penetrating secure "air gapped" networks which are disconnected from any other networks, includeing the Internet.
The importance of Bluetooth defense has become increasingly clear, and the Bluetooth Special Interest Group, which manages the standard, has focused on security in recent version. But attacks like Blue Borne that affect individual implementations of Bluetooth are attracting as well. Attacks against improperly secured Bluetooth implementations can provide attackers with unauthorized access to sensitive information and unauthorized use of Bluetooth devices and other system or networks to which the devices are connected, the National Institute of Standards and Technology noted in its extensive may guide to Bluetooth Security update.
You can't control if and when devices get patched for newly discovered Bluetooth vulnerabilities, and you were probably not going to stop using Bluetooth altogether just because of some possible risk. But apply every patch you can, and keep Bluetooth
off when you were not using it. With security everything is kind of like the flavor of the week.
Security often a matter of weighing risk and reward, defense vs convenience. In the case of Bluetooth
Unfortunately, this set of capablities is extremely desireable to a hacker. BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices like the Mirai Botnet or mobile devices as with the recent WireX Botnet. The BlueBorne attack vector surpasses the capablities of most attack vectors by penetrating secure "air gapped" networks which are disconnected from any other networks, includeing the Internet.
Attack Defense
The importance of Bluetooth defense has become increasingly clear, and the Bluetooth Special Interest Group, which manages the standard, has focused on security in recent version. But attacks like Blue Borne that affect individual implementations of Bluetooth are attracting as well. Attacks against improperly secured Bluetooth implementations can provide attackers with unauthorized access to sensitive information and unauthorized use of Bluetooth devices and other system or networks to which the devices are connected, the National Institute of Standards and Technology noted in its extensive may guide to Bluetooth Security update.
You can't control if and when devices get patched for newly discovered Bluetooth vulnerabilities, and you were probably not going to stop using Bluetooth altogether just because of some possible risk. But apply every patch you can, and keep Bluetooth
Security often a matter of weighing risk and reward, defense vs convenience. In the case of Bluetooth
Comments
Post a Comment