myhack58 | 佚名 (anonymous) | MYHACK58:62201789277
Sep 14, 2017 - 12:00 a.m.

Bluetooth protocol flaw: the BlueBorne attack affects 10 million Bluetooth-equipped devices - vulnerability warning - myhack58 (黑吧安全网)

2017-09-14 00:00:00
佚名 (anonymous)
www.myhack58.com

CVSS3: 8.8 High
  Attack Vector: ADJACENT_NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 8.3 High
  Access Vector: ADJACENT_NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.02 Low (percentile 87.5%)

Description
Armis Labs has disclosed an attack vector that affects mobile, desktop and IoT operating systems and the devices running them, including Android, iOS, Windows and Linux.
It spreads over the air (airborne) and attacks through the Bluetooth protocol, hence the name BlueBorne.
Reference: https://www.armis.com/blueborne/
BlueBorne is dangerous because most users leave Bluetooth switched on even when they are not using it, and an attacker needs essentially no pairing with the target device (being within Bluetooth range is enough) to take complete control of it.
Ben Seri, head of the Armis Labs research team, said that in their tests they had built a botnet and used the BlueBorne attack to deliver a piece of software to a device.
Seri nevertheless thinks that, even for an experienced attacker, building a worm that targets every platform worldwide and spreads from one infected device to the devices around it in a self-sustaining cycle would not be that easy.
Reference: http://thehackernews.com/2017/09/blueborne-bluetooth-hacking.html
4 high-risk flaws
Armis lists 8 flaws in total; the following 4 are high-risk (Google's own classification of them differs):
Reference: http://www.androidpolice.com/2017/09/13/googles-september-security-patch-fixes-blueborne-bluetooth-vulnerability/
Information leak flaw (CVE-2017-0785)
This flaw is in the SDP (Service Discovery Protocol) server. By sending crafted requests to the SDP server, an attacker can make it leak the contents of its memory. The leaked information helps the attacker learn about the Bluetooth stack and is what makes the remote code execution flaws described below exploitable.
Remote code execution flaw #1 (CVE-2017-0781)
This flaw is in the Bluetooth Network Encapsulation Protocol (BNEP) service, which is used to share an Internet connection over Bluetooth (tethering). A flaw in the BNEP service lets an attacker trigger memory corruption that is easy to exploit, after which the attacker can take full control of the device and execute arbitrary code. Because the service lacks proper authorization checks, triggering this flaw requires no user interaction, authentication or pairing, so the attack happens without the target user noticing anything.
Remote code execution flaw #2 (CVE-2017-0782)
This flaw is similar to the previous one but lies in the PAN (Personal Area Networking) profile on top of BNEP, the profile used to set up an IP network between two devices. Here the memory corruption is larger, but it can still be exploited by an attacker to gain full control of the affected device. Like the previous flaw, it is triggered without user interaction, authentication or pairing.
The Bluetooth Pineapple, a man-in-the-middle attack (CVE-2017-0783)
A man-in-the-middle attack lets the attacker intercept and tamper with the target device's traffic. In the Wi-Fi case, mounting a MITM requires not only special equipment but also a request from the target device to join an open Wi-Fi network that uses no encryption key: the attacker must sniff the 802.11 probe request packets the target sends for that network, then impersonate the network and answer the target with probe responses. In Bluetooth, by contrast, the attacker can use any Bluetooth-capable device to lure the target. The flaw in the PAN profile of the Bluetooth stack lets the attacker create a malicious network interface on the victim's device, reconfigure the device's network routing, and route all of the device's traffic through that malicious interface. The attack requires no user interaction, authentication or pairing, which makes it practically invisible.
Reference: https://www.armis.com/blueborne/
For a detailed description see: http://go.armis.com/hubfs/BlueBorne Technical White Paper-1.pdf
How does the BlueBorne attack differ from others?
Unlike traditional network attacks, BlueBorne does not require the user to click a link or download a malicious file, and the victim does not even need to be connected to the Internet. It spreads over the air at short range through the Bluetooth protocol, and the attacker does not need to pair with the victim's device: as long as the target's Bluetooth is switched on, the attacker can connect to the device, take complete control of it, and use it to spread malware to other devices, all without the victim being aware of anything!
What does a BlueBorne attack scenario look like?
Imagine a courier whose Bluetooth device (on an ordinary day, probably his phone) has been infected through BlueBorne. He delivers a parcel to a bank, a location that is normally very secure, and uses his Bluetooth device to hand the package over to the recipient. His infected device can then connect to any device in the bank that has Bluetooth switched on, such as smartphones, smart watches and laptops, and spread malware to bank staff and bank customers. He then goes on to deliver parcel after parcel, with no idea that he is spreading malware. Along his route the infected device keeps spreading the malware, and the devices it reaches may be in large companies, cafes, even hospitals, which can ultimately lead to information leaks at companies, hospitals and other large organizations, or to a virus outbreak.
Reference: https://www.youtube.com/watch?v=LLNtZKpL0P8
How the BlueBorne attack works
The Bluetooth protocol stack, with the flaw found in each profile
[Figure: the Bluetooth protocol stack with the affected profiles marked]
Image source: http://go.armis.com/hubfs/BlueBorne Technical White Paper-1.pdf
Affected devices
Android devices
All Android smartphones, tablets and wearables are affected by the 4 high-risk flaws described above: two remote code execution flaws (CVE-2017-0781 and CVE-2017-0782), one flaw that can be used to mount MITM attacks (CVE-2017-0783), and one information leak (CVE-2017-0785).
Android platform attack demo
Windows devices
All versions of Windows since Vista are affected by the "Bluetooth Pineapple" attack, CVE-2017-8628, which lets an attacker mount MITM attacks.
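For the Android devices listed above, a defender's first two questions are whether a given handset has received the fix and whether its radio is currently reachable. The following Python is an added example, not code from the article or from Armis: it parses the text that `adb shell getprop` and `adb shell settings get global bluetooth_on` print (the sample output below is constructed inline) and reports which of the four BlueBorne CVEs are still outstanding. Since the page only says that Google's September 2017 security patch fixes these flaws, the example assumes that a security patch level of 2017-09-01 or later counts as fixed; adjust the cutoff to your own patch tracking.

```python
"""Offline BlueBorne triage for Android getprop/settings output (added example,
not from the original article).  Assumption: the fix is present from the
2017-09-01 security patch level onward (taken from the page's reference to
Google's September 2017 patch; verify against your own patch tracking)."""
from datetime import date

# The four Android CVEs named on the page.
BLUEBORNE_ANDROID_CVES = {
    "CVE-2017-0781": "remote code execution in BNEP",
    "CVE-2017-0782": "remote code execution in the PAN profile",
    "CVE-2017-0783": "Bluetooth Pineapple man-in-the-middle",
    "CVE-2017-0785": "SDP information leak",
}
FIXED_PATCH_LEVEL = date(2017, 9, 1)  # assumption, see module docstring

# Constructed sample output in the '[key]: [value]' format that `getprop` prints.
SAMPLE_UNPATCHED = """\
[ro.product.model]: [Example Phone A]
[ro.build.version.release]: [7.1.1]
[ro.build.version.security_patch]: [2017-08-05]
"""
SAMPLE_PATCHED = """\
[ro.product.model]: [Example Phone B]
[ro.build.version.release]: [8.0.0]
[ro.build.version.security_patch]: [2017-09-05]
"""


def parse_getprop(output):
    """Turn '[key]: [value]' lines into a dict; other lines are ignored."""
    props = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("["):
            continue
        key, sep, value = line.partition("]: [")
        if not sep:
            continue
        props[key[1:]] = value.rstrip("]")
    return props


def parse_patch_level(value):
    """'2017-08-05' -> date(2017, 8, 5); None if missing or not a date."""
    try:
        year, month, day = (int(x) for x in value.split("-"))
        return date(year, month, day)
    except (AttributeError, ValueError):
        return None


def assess(getprop_output, bluetooth_on_setting):
    """Combine patch level and radio state into a triage verdict.

    bluetooth_on_setting is the text printed by
    `adb shell settings get global bluetooth_on` ('1' = on, '0' = off)."""
    props = parse_getprop(getprop_output)
    level = parse_patch_level(props.get("ro.build.version.security_patch"))
    patched = level is not None and level >= FIXED_PATCH_LEVEL
    bluetooth_on = bluetooth_on_setting.strip() == "1"
    return {
        "model": props.get("ro.product.model", "unknown"),
        "patch_level": level.isoformat() if level else "unknown",
        "patched": patched,
        "bluetooth_on": bluetooth_on,
        # The page's own point: an unpatched stack is only reachable while the
        # radio is on, so "exposed right now" needs both conditions.
        "exposed_now": (not patched) and bluetooth_on,
        "outstanding_cves": [] if patched else sorted(BLUEBORNE_ANDROID_CVES),
    }


if __name__ == "__main__":
    for sample, bt in ((SAMPLE_UNPATCHED, "1\n"), (SAMPLE_PATCHED, "1\n")):
        verdict = assess(sample, bt)
        print(verdict["model"], verdict["patch_level"],
              "EXPOSED" if verdict["exposed_now"] else "not exposed",
              ", ".join(verdict["outstanding_cves"]) or "no outstanding CVEs")
```

On a real device the two inputs come from `adb shell getprop` and `adb shell settings get global bluetooth_on`; an unpatched device with Bluetooth off is reported as not exposed at this moment but still carrying all four CVEs, which is the page's own interim mitigation stated as data.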

