Over 5.3 billion devices across windows, linux, ios, and android are affected with a new attack vector called BlueBorne.
Unless traditional attacks, this attack vector spreads over the air via Bluetooth and hacker does not need to pair with each device.
If Bluetooth is turned on, the hacker can get control of the device, spread the malware, all process will be undetectable
by the victim.
BlueBorne Vulnerability Attack Method
Since attacker only requires the Bluetooth to be turned on, with BlueBorne attack the infected device can further connect to infect any other device such as laptops, smart watch, smart phone or any other Bluetooth enabled device.
There is no way of detecting or stopping the attack, as it is invisible unlike traditional attacks.
Impact of Vulnerability:
- Each and every device which is being infected can be delivered with a malware or ransomware.
- The hackers can penetrate and take control of devices, and gain access to critical business related information.
- A Ransomware attack can lead to hostage of confidential data, and can force user to pay ransom.
- Failure in decrypting can lead to complete loss of data.
In this article, we will cover step by step procedure to protect against “BlueBorne Vulnerability” using Saner Solution.
Protecting against “BlueBorne Vulnerability” using Saner Solution on Linux
The Search ID according platform:
Ubuntu : USN-3422-1
Debian : DSA-3981-1
CentOS6 : CESA-2017:2681
CentOS7 : CESA-2017:2679
RHEL 7 : RHSA-2017:2681-01
RHEL 6 : RHSA-2017:2679-01
Search with the above id’s for individual platforms.
For illustration, we have chosen “Ubuntu 14.04 LTS” system. “ID: USN-3422-1” will used in search bar as shown in Fig1.
To find the vulnerability in all platforms, use the respective ID’s mentioned above.
Ex: To search on “RHEL 7”, “ID : RHSA-2017:2681-01” need to be used in search bar.
How to check if systems are prone to “BlueBorne Vulnerability”?
Step1: Search for “USN-3422-1” from the top search bar as shown below. (ID : “USN-3422-1” will search across Ubuntu OS)
Step 2: After clicking on search button, if any hosts are prone to BlueBorne Vulnerability will be listed as shown below.
How to remove “BlueBorne Vulnerability” using Saner solution?
Step 1: Click on“Command And Control” section tab. A window appears as shown below. Click on “Create command” on the top right corner.
Step 2: Click on “Remediation” to remediate the vulnerability.
Step 3: Select “Remediation Job”, choose a group of devices and from “Vulnerable/Non-Compliant Assets” select “linux-image-generic-4.4”. Fill in Name and Description and click on “Add”.
Step 4: We can see the job is created. Saner will start to roll out the patch to all systems selected. Status will be
ongoing once the job gets created.
Step 5: Click on refresh, remediating “BlueBorne Vulnerability on Linux” will be success. which can be seen in below
To download the full article, please open the below pdf attachment.