Armis security has identified a new vulnerability in computers and mobile devices that leaves them susceptible to attack via Bluetooth. The exploit, dubbed “BlueBorne, ” doesn’t require user permission or to even pair with devices — it can simply connect over the air and access networks or install malware. Armis previously alerted most affected parties back in April, but as of today, it’s mostly Android devices that remain vulnerable to attack. There are technically several distinct attack vectors spread across current mobile operating systems. As Armis noted in its BlueBorne info page, Apple’s iOS beyond version 9.3.5 are vulnerable, but that vector was ironed out in iOS 10. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here . Google’s Android, however, is spread across so much hardware that the onus to update falls on third-party manufacturers, who might not patch out the vulnerability in time. For its part, Google released protective patches for Nougat (7.0) and Marshmallow (6.0) as part of its September security update . “We have released security updates for these issues, and will continue working with other affected platforms across the industry to develop protections that help keep users safe, ” a Google spokesperson told Engadget. The other wildcard here: Linux-based devices. Armis informed Linux device operators of the vulnerability very late (last month, as opposed to back in April when it divulged to the other mobile OS providers). Accordingly, Armis wasn’t aware of patches for Linux operating systems, meaning anything running BlueZ are vulnerable to one of the vectors, while those with Linux version 3.3-rc1 can be attacked by another. This includes Samsung’s Gear S3 smartwatch, its smart TVs and family hub. While using Bluetooth is a canny way to automatically infiltrate user devices without permission, it means BlueBorne is bound by the signal frequency’s short range, and only affects devices with Bluetooth turned on. But since the exploit is so different to the typical attack vector, users wouldn’t even be alerted if their device gets compromised, leading to a hypothetical nightmare scenario (detailed in the video below) wherein a user spreads the “infection” to vulnerable phones and tablets simply by walking in their vicinity. Worried your device might be vulnerable? Check Armis’ page on the exploit along with the respective white paper (PDF) explaining BlueBorne in detail. Via: The Verge Source: Armis , US-CERT
Read More:
Some phones and laptops are vulnerable to ‘BlueBorne’ exploit
Shannon Liao reports via The Verge: If you’re one of the millions affected by the Equifax breach, a chatbot can now help you sue Equifax in small claims court, potentially letting you avoid hiring a lawyer for advice. Even if you want to be part of the class action lawsuit against Equifax, you can still sue Equifax for negligence in small claims court using the DoNotPay bot and demand maximum damages. Maximum damages range between $2, 500 in states like Rhode Island and Kentucky to $25, 000 in Tennessee. The bot, which launched in all 50 states in July, is mainly known for helping with parking tickets. But with this new update, its creator, Joshua Browder, who was one of the 143 million affected by the breach, is tackling a much bigger target, with larger aspirations to match. He says, “I hope that my product will replace lawyers, and, with enough success, bankrupt Equifax.” Not that the bot helps you do anything you can’t already do yourself, which is filling out a bunch of forms — you still have to serve them yourself. Unfortunately, the chatbot can’t show up in court a few weeks later to argue your case for you either. To add to the headache, small claims court rules differ from state to state. For instance, in California, a person needs to demand payment from Equifax or explain why they haven’t demanded payment before filing the form. Read more of this story at Slashdot. 