Linux Impacted By Information Leak & Remote Code Execution Via Bluetooth

  • #21
    Originally posted by L_A_G
    You and the other guy are assuming that the person/people who set up the airgapped system and the ones using it all know what they're doing. In the real world you really can't make that assumption. There's a reason why with super secure systems they actually physically break stuff by doing things like pouring glue into USB ports.
    In real life you must assume everyone is a moron, and even then you might still not be prepared for the level of morons your device will encounter.
    Last edited by starshipeleven; 13 September 2017, 05:15 AM.

    • #22
      Originally posted by R41N3R
      Seems like a nightmare if you watch the videos.
      ^ This basically describes the entire IoT ecosystem. Most vendors of IoT devices are selling a short-lived consumer product. They'll provide updates for a year or two, then drop it when the new model is released. Meanwhile, new security flaws and holes are found regularly, and none of the "legacy" IoT products will ever get patched. Now think of the implications when you're talking about home security, like smart door locks and such. Pretty scary.

      • #23
        Originally posted by torsionbar28
        ^ This basically describes the entire IoT ecosystem. Most vendors of IoT devices are selling a short-lived consumer product. They'll provide updates for a year or two, then drop it when the new model is released. Meanwhile, new security flaws and holes are found regularly, and none of the "legacy" IoT products will ever get patched. Now think of the implications when you're talking about home security, like smart door locks and such. Pretty scary.
        I've been stockpiling popcorn for the inevitable IoT-calipse, I urge everyone to do so too.

        • #24
          Originally posted by L_A_G
          it can be fixed with a relatively simple software patch and not like Broadpwn (where it's the hardcoded hardware internal firmware that's being exploited and a simple software patch fix isn't possible).
          Updated firmware that fixes "Broadpwn" is available (and has been for some time) for Broadcom chips, e.g. BCM43430 as used by the Raspberry Pi 3/Pi0W (link). Not sure if firmware is available for _all_ affected chips, but since most of these types of devices are capable of loading firmware at run-time I'd expect that to be the case.

          • #25
            Looks like the patch has been backported to 4.12.13 and 4.13.2

            • #26
              And this is why I refuse to use Bluetooth keyboards. :P

              Well, that and my concerns about transmitting typed passwords wirelessly, regardless of the short range and "security" features.

              /smug

              • #27
                The name is spelled "BlueBorne", not "Bluebourne". I only know because googling based on the article's variant spelling didn't work well.
