Hack ANY device via bluetooth (ios/android/windows/linux) Blueborne hack

smz

Rising Star
BGOL Investor


I wonder how long goverments/NSA/GCHQ/hackers etc have known about this...

The Blueborne hack can access the pictures/data/move mouse/turn on camera /turn on microphone on ANY device just so long as the target has their bluetooth turned on.

Side note: reminds me of that scene in BvS when Batman hacks the dudes phone at the bar.
 

ViCiouS

Rising Star
BGOL Patreon Investor


I wonder how long goverments/NSA/GCHQ/hackers etc have known about this...

The Blueborne hack can access the pictures/data/move mouse/turn on camera /turn on microphone on ANY device just so long as the target has their bluetooth turned on.

Side note: reminds me of that scene in BvS when Batman hacks the dudes phone at the bar.

I've known of bluetooth vulnerabilities for over 5 yrs... I disable blue tooth drivers on my devices when I'm not going to pair them... and I use it very rarely....
before iCloud hacks - bluetooth hacks were a very common source of leaks
 

Shadow22

Rising Star
Registered
I've known of bluetooth vulnerabilities for over 5 yrs... I disable blue tooth drivers on my devices when I'm not going to pair them... and I use it very rarely....
before iCloud hacks - bluetooth hacks were a very common source of leaks


Do u use a bluetooth with ur phone knowing what u know?
 

ViCiouS

Rising Star
BGOL Patreon Investor
Stop Leaving Your Smartphone's Bluetooth On
mrzkunt8oiqpopbatum2.jpg


If you always leave Bluetooth on your phone on, you might want to rethink things.

A vulnerability known as BlueBorne was discovered this week by security research firm Armis. With it, researchers were able to infiltrate Samsung Galaxy Phones and the Google Pixel as well as an LG Sports Watch and a car audio system, all by exploiting the Bluetooth connection.


Other devices are also vulnerable. Specifically, iPhones and iPads that haven’t been upgraded to iOS 10, as well as a number of other Android, Microsoft, and Linux products. A BlueBorne attack reportedly only takes 10 seconds to do and can give a hacker control of your Bluetooth-enabled device, even if it isn’t connected to anything when the attack begins.

Google and Microsoft put out security patches to get rid of the vulnerability this week. If you haven’t updated your phone in the past few days, you should go ahead and do that right now. No really, do it now.


The issue brings up a much bigger problem: you shouldn’t be leaving your Bluetooth on in the first place.


Wired notes that when you leave Bluetooth on, it’s constantly open to and waiting for other devices to connect to. That’s great when you want to sync your Fitbit or listen to some jams on your wireless headphones, but that also means that your device is constantly available for nefarious things to try and connect to it as well. Sure, use it to connect to your headphones or car. But if you’re not using it, you should power the feature off.

The way BlueBorne works, it constantly scans for devices that have Bluetooth on, and when it finds one that has relevant vulnerabilities, it can hack into the device exceptionally quickly. Once connected, hackers can take control of the device and even steal data from it.

The attack can also spread from device to device. So, while attackers would technically need to be in Bluetooth range of your phone (33 feet) to pull something like this off, they can get some extra distance when there are other infected devices around as well.


Even though this specific vulnerability has been patched, it’s only a matter of time before something similar pops up.

The easiest line of defense? Don’t leave your Bluetooth on. Wired compares leaving Bluetooth on to leaving a door to your home unlocked. Yes, it will be easier to get in when you get home if you just don’t lock it, but you’re also making it much easier for robbers to come in and steal everything you have while you’re away.
 
  • Like
Reactions: smz

g0nbad real bad

Rising Star
BGOL Investor
How can you not have your Bluetooth on and be connected to headsets or speakers? I know before they said don't have your device discoverable.
 

ViCiouS

Rising Star
BGOL Patreon Investor
Or just upgrade your phone?
:rolleyes:
this is only one vulnerability - disable bluetooth when you are not using it
What Devices Are Affected?
Android
All Android phones, tablets, and wearables (except those using only Bluetooth Low Energy) of all versions are affected by four vulnerabilities found in the Android operating system, two of which allow remote code execution (CVE-2017-0781 and CVE-2017-0782), one results in information leak (CVE-2017-0785) and the last allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-0783).

Windows
All Windows computers since Windows Vista are affected by the “Bluetooth Pineapple” vulnerability which allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-8628).

Linux
Linux is the underlying operating system for a wide range of devices. The most commercial, and consumer-oriented platform based on Linux is the Tizen OS.

  • All Linux devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250).
  • All Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (CVE-2017-1000251)
iOS
All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability (CVE-2017-14315). This vulnerability was already mitigated by Apple in iOS 10, so no new patch is needed to mitigate it. We recommend you upgrade to the latest iOS or tvOS available.
 
Last edited:

Mrfreddygoodbud

Rising Star
BGOL Investor
geez. All this hacking gonna send us back to the analog days.


thats what Im saying about driveless cars and shit,

its waaay too soon for that shit...

you driving in yo car and some hacker from a thousand miles away takes over your shit..

and you on some narrow ass bridge and shit...
 
Last edited:
  • Like
Reactions: smz

The Technician

Formerly Commandernchief
BGOL Investor
Thanks for the information, but I'm not particularly worried about this. All my information might have been compromised by the Equifax hack. I consider the Equifax hack to be 100x worse than the possibility that my phone gets hacked over Bluetooth. This new or at least now exposed vulnerability is a trade off to the convenience of modern day technology and everything being connected by that technology. I can't be bothered to run around worrying about someone getting something off of me. I take whatever precautions I can that isn't a major inconvenience and leave the responsibility of protecting other information other to service providers (like Equifax, which failed).
 

TooTrilla

Mil Town Legend
BGOL Investor
thats what Im saying about driveless cars and shit,

its waaay too soon for that shit...

you driving in yo car and some hacker from a thousand miles away takes over your shit..

and you on some narrow ass bridge and shit...
That shit is real. I saw a Vice special where some dude was hacking into cars making them do shit :smh:
 

BAG

Cleveland D-T-W [216]
BGOL Investor
Right! We are dead serious!
Hit me up if you find something bro and I will do the same.

I got you later today when I have time I'm going to do some research and take a plunge into the deep web ocean but I don't like just clicking on onion links for obvious reasons I need to know where to look!
 
Top