Patches Available for Bluetooth Flaw
Security flaws present in the software components that power wireless communications over Bluetooth on a number of popular laptop models could let attackers compromise vulnerable machines.
Bluetooth is a communications technology that allows electronic devices to exchange information wirelessly over short distances (the theoretical range is between 10 to 100 meters, depending on the class of the devices used). The problem stems from Bluetooth device drivers made by Toshiba Corp., drivers that are present not only in many Toshiba notebooks but also in a number of machines made by Dell Computer.
According to an advisory from Atlanta-based SecureWorks, an attacker would not need to have login credentials on the target computer to execute the attack. While an attacker would need to know the Bluetooth address assigned to the victim's device, this wouldn't be an issue for machines configured to allow other Bluetooth devices to discover it (one of several free Bluetooth scanning tools could be used to discover the address).
SecureWorks says the same Toshiba Bluetooth components also are present in some Sony Vaio and ASUS computers, though I could find no advisories related to this issue on either of those vendors' support sites. Security Fix got in touch with Armin Scheruebl of Toshiba, who confirmed the vulnerability exists on pretty much all recent Toshiba systems shipped with Bluetooth pre-installed.
The advisory credits SecureWorks researcher David Maynor and independent research Johnny "Cache" Ellch for reporting and researching the flaw; these are the same two researchers who pointed to similar flaws present in a variety of wireless device drivers earlier this year at the Black Hat hacker convention in Las Vegas.
Their advisory references work done by the Trifinite Group, a Bluetooth security auditing outfit that presented very similar findings in June. Trifinite's advisory suggested that exploiting the flaw could cause the "blue screen of death" to appear on some machines. But the group acknowledged that it was not able to use the bug to install programs on a machine running a vulnerable Bluetooth driver.
SecureWorks spokesperson Elizabeth Clarke said "the vulnerability reported in this advisory is different from the Trifinite vulnerability but is related to the extent that both vulnerabilities exist in the same layer of the Bluetooth drivers. The Toshiba Bluetooth vulnerability reported was discovered, tested and documented as part of David Maynor and Jon Ellch's research on wireless device drivers over the past six months." She also stated that Maynor "was able to demonstrate a crash that could execute code on a Dell running a Toshiba Bluetooth stack," but that Dell was the only hardware platform they tested the exploit on.
A Dell spokesperson said SecureWorks shared an exploit with the company that worked against any of nine different Dell Latitude laptops, and that the company's engineers were able to reproduce the reported problems in-house. Dell said it has shipped updates to fix the problem on Latitude Models D820, D620, D420, and D520. Other Latitude models also are vulnerable, including the D810, D610, D410, D510 and X1 versions, but the company doesn't expect to ship updates for those models until Nov. 4.
Patches are available for download for the first set of systems mentioned above by visiting this link and selecting "Latitude," your model, the operating system you are using, and then by hitting "find downloads." The link to the latest patched Bluetooth driver should be listed under the "Network" heading.
While it's not terribly likely that we will see these weaknesses being exploited in the wild anytime soon, it's a good idea to make sure your machine is running the latest Bluetooth drivers.
To see what version of Bluetooth is installed on your machine, right-click the blue "Bluetooth Manager" icon in the task bar near the system clock, then select "Device Properties" and then "General." If that doesn't work, right click on the Bluetooth Manager icon, select "Options," then "General," then "Details." Users running version 4.20.01 should download and install the "PC Bluetooth Stack," available at this link. Toshiba users with Bluetooth versions 3.x through 4.00.36 should install the "PC Bluetooth Stack Security Patch 2," downloadable from this link.
October 17, 2006; 12:44 PM ET
Categories: New Patches
Save & Share: Previous: For Microsoft, Patch Tuesday Often Becomes Exploit Thursday
Next: Apple Says Some iPods Shipped With Virus
The comments to this entry are closed.