How do I secure Linux systems against the BlueBorne remote attack?
The coordinated disclosure date for the BlueBorne vulnerabilities was September 12, 2017; you should see distribution updates with fixes for the issues shortly thereafter. For example:
Until you can update the kernel and BlueZ on affected systems, you can mitigate the issue by disabling Bluetooth (which might have adverse effects of course, especially if you use a Bluetooth keyboard or mouse):
- blacklist the core Bluetooth modules
    printf "install %s /bin/true\n" bnep bluetooth btusb >> /etc/modprobe.d/disable-bluetooth.conf
- disable and stop the Bluetooth service
    systemctl disable bluetooth.service
    systemctl mask bluetooth.service
    systemctl stop bluetooth.service
- remove the Bluetooth modules
    rmmod bnep
    rmmod bluetooth
    rmmod btusb
  (this will probably fail at first with an error indicating other modules are using these; you’ll need to remove those modules and repeat the above commands).
If you want to patch and rebuild BlueZ and the kernel yourself, the appropriate fixes are available here for BlueZ and here for the kernel.
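A way to confirm that the three mitigation steps above took effect, as an added example that is not part of the original answer. The function names are hypothetical, and the check reads only the one modprobe.d directory it is given, so `install` lines kept in other modprobe configuration directories are not seen.

```shell
#!/bin/sh
# Added example: verify the Bluetooth-disable mitigation described above.
# Function names are hypothetical; module names are the three from the answer.
MODS="bnep bluetooth btusb"

# Print each of $MODS that is still listed in a /proc/modules-format file ($1).
loaded_bt_modules() {
    for m in $MODS; do
        awk -v m="$m" '$1 == m { print $1 }' "$1"
    done
}

# Print each of $MODS that has no "install <mod> /bin/true" line
# in any *.conf file of the modprobe.d directory ($1).
unblocked_bt_modules() {
    for m in $MODS; do
        cat "$1"/*.conf 2>/dev/null |
            awk -v m="$m" '$1 == "install" && $2 == m && $3 == "/bin/true" { ok = 1 }
                           END { exit !ok }' ||
            echo "$m"
    done
}

# Return 0 only when none of $MODS is loaded and all of them are blocked.
# $1 = modules file, $2 = modprobe.d directory.
check_mitigation() {
    loaded=$(loaded_bt_modules "$1")
    unblocked=$(unblocked_bt_modules "$2")
    if [ -n "$loaded" ]; then echo "still loaded:" $loaded; fi
    if [ -n "$unblocked" ]; then echo "not blocked:" $unblocked; fi
    [ -z "$loaded" ] && [ -z "$unblocked" ]
}

# Check the live system only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    check_mitigation /proc/modules /etc/modprobe.d && echo "modules: mitigated"
    # A masked unit is reported as "masked" by systemctl.
    systemctl is-enabled bluetooth.service
fi
```

A module reported as still loaded after the `rmmod` step usually means a dependent module is holding it, which matches the failure the answer warns about.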
Comments
-
GAD3R over 1 year
The Armis Lab has discovered a new attack vector affecting all devices with Bluetooth enabled, including Linux and IoT systems.
Armis has disclosed two vulnerabilities in the Linux operating system which allow attackers to take complete control over infected devices. The first is an information leak vulnerability, which can help the attacker determine the exact version used by the targeted device and adjust his exploit accordingly. The second is a stack overflow which can lead to full control of a device.
For instance, all devices with Bluetooth enabled should be marked as malicious. The infected devices will create a malicious network allowing the attacker to take control of all devices out of its Bluetooth range. Using Bluetooth on a Linux system to connect peripheral devices (keyboards, mice, headphones, etc.) puts Linux under various risks.
This attack does not require any user interaction, authentication or pairing, making it also practically invisible.
All Linux devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250).
All my Linux OSes with Bluetooth enabled are marked as vulnerable after a check with the BlueBorne Vulnerability Scanner (the Android application by Armis for discovering vulnerable devices requires device discovery to be enabled, but the attack requires only Bluetooth to be enabled).
Is there a way to mitigate the BlueBorne attack when using Bluetooth on a Linux system?
- Bob Jarvis - Слава Україні, over 6 years: Turning off BlueTooth might be a good start.
- Daniel Underwood, over 6 years: If you need to use bluetooth, fixes have now been applied to both BlueZ and the kernel. But that also means that you will have to compile and run a kernel from scratch.