​Linux gets blasted by BlueBorne too

BlueBorne is a set of Bluetooth security holes that just keeps on hitting. Besides smartphones and Windows, it seriously impacts Linux desktops and servers.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Google adds Play protect logo to certified Android devices

The security company Armis has revealed eight separate Bluetooth wireless protocol flaws known collectively as BlueBorne. This new nasty set of vulnerabilities have the potential to wreak havoc on iPhones, Android devices, Windows PC, and, oh yes, Linux desktops and server, as well.

While BlueBorne requires a Bluetooth connection to spread, once the security holes are exploited, a single infected device could infect numerous devices and computers in seconds. Attacks made with BlueBorne are silent, avoid activating most security measures, and require nothing from new victims except that their devices have Bluetooth on.

Armis CEO Yevgeny Dibrov explained: "These silent attacks are invisible to traditional security controls and procedures. Companies don't monitor these types of device-to-device connections in their environment, so they can't see these attacks or stop them."

On Linux servers and desktops, BlueBorne can attack via the Linux kernel's implementation of the Bluetooth Host L2CAP protocol. Specifically, it impacts Linux using L2CAP version 3.3 and above. The vulnerability has been assigned CVE-2017-1000251. Red Hat rates this vulnerability as important.

The Logical Link Control and Adaptation Layer Protocol (L2CAP) works at the Bluetooth stack's data link layer. It provides services such as connection multiplexing, segmentation, and reassembly of packets for upper-layer protocols such as Bluetooth.

This issue only affects systems with Bluetooth hardware. Linux kernels with stack protection enabled (CONFIG_CC_STACKPROTECTOR=y) should catch attempts to exploit this issue. Stack protection is a standard mechanism provided by modern compilers. It helps stop some stack buffer overflow exploits from leading to remote code execution. That's the good news. The bad news is that while the attack will be stopped, it can cause the Linux system to crash.

For Linux kernels built without stack protection, Armis claims that this vulnerability can lead to remote code execution as root. When properly exploited, this could give an attacker complete control over a target system.

Read also: How companies can make the most from open source | SUSE Linux Enterprise 12 SP3 released | Ansible DevOps program gets upgraded | Sun set: Oracle closes down last Sun product lines

Server systems are less likely to have Bluetooth hardware installed. Without Bluetooth hardware, system are immune to BlueBorne attacks. Desktop systems are another matter.

On RHEL 7 x86_64 architecture, stack protection is enabled, and this issue can lead to a remote crash. On ppc64 architecture, stack protection is not enabled, and this flaw could lead to remote code execution. RHEL 6 contains an older version of the kernel that is affected in a different way and could be remotely exploited to crash. Most other modern Linux distributions are also vulnerable.

While fixes are in the work, for now the best -- indeed only -- real way to protect Linux against BlueBorne is to disable Bluetooth on all your computers.

Related stories:

Editorial standards