Armis, the enterprise IoT security company, has found eight serious security flaws, collectively called BlueBorne, in the Bluetooth protocol.
According to Armis, these vulnerabilities are the most serious Bluetooth vulnerabilities identified to date. Previously identified flaws found in Bluetooth were primarily at the protocol level. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device.
The scary part is that almost every device that has Bluetooth capabilities is affected, including smartphones, TVs, laptops, watches, smart TVs, and automobile audio systems.
From an operating system perspective, every single platform out there, including iOS, Windows, Android and Linux servers/desktops, is affected. The only relief is for iOS users running iOS 10 or later.
Specific to the Linux kernel, one of the eight vulnerabilities affects the kernel's Bluetooth implementation, starting with version 3.3. It can allow a remote attacker to cause a stack buffer overflow. This issue is identified as CVE-2017-1000251.
According to the researchers at Armis, if exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a “man-in-the-middle” position to gain access to critical data and networks without user interaction.
In a statement, Mark Cox, senior director of product security at Red Hat, said:
“This issue only affects systems that have Bluetooth hardware installed. Linux kernels that are built with stack protection enabled should catch attempts to exploit this issue, resulting in a remote crash. Stack protection is a standard mechanism provided by modern compilers which can help stop certain stack buffer overflow exploits from leading to remote code execution.
For Linux kernels built without stack protection, Armis Labs states that this vulnerability can lead to remote code execution as root, effectively granting a malicious actor complete control over a target system.
Server systems are less likely to have Bluetooth hardware installed and those without such hardware are unaffected by this issue. Desktop systems, or other systems that have Bluetooth hardware installed, are affected by this issue by default.”
The company said that some versions of RHEL 7 are affected as they contain a version of the Linux kernel affected by this flaw. RHEL 7 is relatively safe as it contains an older version of the kernel which is affected in a different way and could be remotely exploited to cause a crash only.
There is no impact on Red Hat’s containers as the issue impacts the kernel’s Bluetooth module. However, containers based on Red Hat Enterprise Linux Base Images will be respun against the updated kernels which address this flaw.
Red Hat has already released a patch.
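The conditions named above (kernel 3.3 or later, Bluetooth hardware present, stack protection on or off) can be checked per host. The shell function below is an added example, not code from Armis or Red Hat; the function name and result strings are hypothetical, and it does not detect whether the vendor fix is already installed.

```shell
#!/bin/sh
# Added example: triage a host against the conditions the article lists for
# CVE-2017-1000251. Name and result strings are hypothetical (illustration only).
# It cannot tell whether the kernel is already patched.
#
# Usage on a live host:
#   blueborne_triage "$(uname -r)" "/boot/config-$(uname -r)"
#
# blueborne_triage RELEASE CONFIG_FILE [BT_SYSFS_DIR]
blueborne_triage() {
    release=$1; config=$2; btdir=${3:-/sys/class/bluetooth}

    [ -r "$config" ] || { echo "config-unreadable"; return 1; }

    # Extract major.minor from a release string such as 3.10.0-693.el7.x86_64
    case "$release" in *.*) ;; *) echo "unknown-version"; return 1 ;; esac
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}
    case "$major:$minor" in
        *[!0-9:]*|:*|*:) echo "unknown-version"; return 1 ;;
    esac

    # The article places the flawed Bluetooth code in kernels from 3.3 onward
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 3 ]; }; then
        echo "version-predates-3.3"; return 0
    fi

    # Bluetooth support compiled in (=y) or available as a module (=m)
    grep -Eq '^CONFIG_BT=(y|m)$' "$config" ||
        { echo "bluetooth-not-built"; return 0; }

    # Adapters show up as hciN entries in sysfs; none means no usable hardware
    set -- "$btdir"/hci*
    [ -e "$1" ] || { echo "no-bluetooth-adapter"; return 0; }

    # Option is CONFIG_CC_STACKPROTECTOR* on older kernels and
    # CONFIG_STACKPROTECTOR* on newer ones
    if grep -Eq '^CONFIG_(CC_)?STACKPROTECTOR(_REGULAR|_STRONG)?=y$' "$config"; then
        echo "crash-only-expected"   # overflow should be caught, host crashes
    else
        echo "rce-possible"          # no canary: treat as highest priority
    fi
}
```

Hosts reporting `rce-possible` or `crash-only-expected` still need the updated kernel; the result only orders the patching queue.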