The vulnerability I chose for this report is VU#240311, "Multiple Bluetooth implementation vulnerabilities affect many devices". According to CERT/CC, a group of Bluetooth vulnerabilities collectively known as "BlueBorne" has been disclosed publicly. These vulnerabilities are not confined to one platform: they live in the Bluetooth stacks themselves, so they affect desktop and server operating systems such as Linux and Windows as well as mobile operating systems such as Android, Tizen and iOS. Because the bugs sit in the stack's packet handling, an attacker within radio range can trigger them without pairing and without any user interaction, and in the worst cases gains code execution at the privilege level of the Bluetooth stack (kernel space on Linux), from which arbitrary commands can be run on the device.

Some of the weaknesses the note describes are:

- Buffer Copy without Checking Size of Input ("Classic Buffer Overflow", CWE-120), CVE-2017-1000251: the Linux BlueZ stack does not check the length of the rsp argument when processing an L2CAP configuration response, so a peer can send an oversized response and overflow a fixed-size kernel stack buffer.

- Out-of-bounds Read (CWE-125), CVE-2017-1000250: an attacker may be able to control the continuation state within SDP request packets, causing the bluetoothd process to read past the end of the intended data and leak process memory back to the attacker.

- Channel Accessible by Non-Endpoint ("Man-in-the-Middle", CWE-300), CVE-2017-8628 on Windows and CVE-2017-0783 on Android: incorrect authorization requirements in the PAN (Personal Area Network) profile let an attacker create a network interface on the victim and route the victim's traffic through a device the attacker controls, a man-in-the-middle position.

- Heap-based Buffer Overflow (CWE-122), CVE-2017-14315 on Apple devices: the stack does not properly validate the CID for incoming Bluetooth LEAP (Low Energy Audio Protocol) audio data, so crafted packets can overflow a heap buffer.

Using these flaws, a skilled attacker can gain control of a device remotely; once inside, the attacker can run further attacks from within the victim's own system, which is poorly placed to defend against them, and the victim may end up losing or leaking data. These weaknesses are easy targets, but they are fixed by applying the vendor's security patch, which corrects the faulty length checks and restricts access to unauthorised peers. All the major vendors have published advisories about this flaw and released security patches.
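To make the two BlueZ bugs above concrete, here is an added example of my own (toy code, not the Linux kernel's l2cap or SDP code and not text from the CERT note): a minimal L2CAP configuration-response parser in its vulnerable and hardened forms, plus a bounded read of the SDP continuation state. The buffer size, option layout, constant names and sample packets are assumptions for illustration; the 16-byte continuation-state ceiling follows the Bluetooth core specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed constants for this toy model (not the kernel's real values). */
#define CONF_RSP_BUF        64   /* fixed-size buffer the response is copied into */
#define L2CAP_CONF_OPT_HDR   2   /* option header: type (1 byte) + length (1 byte) */
#define SDP_CONT_STATE_MAX  16   /* SDP continuation state carries at most 16 bytes */

/* Vulnerable pattern (CWE-120): the remote-supplied length is trusted and copied
 * straight into a fixed stack buffer. A peer sending rsp_len > CONF_RSP_BUF
 * overwrites whatever sits past buf on the stack. Never call this with an
 * oversized packet; it is here only to show the shape of the bug. */
int parse_conf_rsp_vulnerable(const uint8_t *rsp, size_t rsp_len)
{
    uint8_t buf[CONF_RSP_BUF];
    memcpy(buf, rsp, rsp_len);          /* no check of rsp_len against sizeof buf */
    return (int)rsp_len;                /* bytes "accepted" from the peer */
}

/* Hardened form: reject a response that does not fit, then walk the option
 * TLVs, checking that each header and payload lies inside the packet before
 * touching it. Returns 0 and the option count on success, -1 on a malformed
 * or oversized response. */
int parse_conf_rsp_hardened(const uint8_t *rsp, size_t rsp_len, int *opt_count)
{
    uint8_t buf[CONF_RSP_BUF];
    size_t off = 0;
    int n = 0;

    if (rsp == NULL || rsp_len > sizeof buf)
        return -1;                      /* would overflow buf */
    memcpy(buf, rsp, rsp_len);

    while (off < rsp_len) {
        if (rsp_len - off < L2CAP_CONF_OPT_HDR)
            return -1;                  /* truncated option header */
        size_t opt_len = buf[off + 1];
        if (opt_len > rsp_len - off - L2CAP_CONF_OPT_HDR)
            return -1;                  /* payload claims bytes past the packet end */
        off += L2CAP_CONF_OPT_HDR + opt_len;
        n++;
    }
    if (opt_count)
        *opt_count = n;
    return 0;
}

/* SDP continuation state (the CWE-125 side): a one-byte length followed by
 * opaque state the server must echo back. An attacker-chosen length larger
 * than the bytes remaining in the request makes a naive server read past the
 * packet. Bound it by both the spec maximum and the bytes actually present.
 * Returns the number of state bytes copied into out, or -1 on a bad packet. */
int read_cont_state(const uint8_t *pkt, size_t pkt_len, size_t off,
                    uint8_t out[SDP_CONT_STATE_MAX])
{
    if (pkt == NULL || off >= pkt_len)
        return -1;
    size_t cs_len = pkt[off];
    if (cs_len > SDP_CONT_STATE_MAX)
        return -1;                      /* longer than any valid state */
    if (cs_len > pkt_len - off - 1)
        return -1;                      /* would read beyond the request */
    memcpy(out, pkt + off + 1, cs_len);
    return (int)cs_len;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t SAMPLE_GOOD_RSP[] = {0x01, 0x02, 0x00, 0x04,   /* option 1 (MTU), 2 bytes */
                                   0x04, 0x01, 0x00};         /* option 4 (FCS), 1 byte  */
const uint8_t SAMPLE_BAD_RSP[]  = {0x01, 0x10, 0xAA};         /* claims 16 bytes, has 1 */
const uint8_t SAMPLE_GOOD_SDP[] = {0x02, 0xDE, 0xAD};         /* 2-byte continuation state */
const uint8_t SAMPLE_BAD_SDP[]  = {0x05, 0xDE, 0xAD};         /* claims 5 bytes, has 2 */

int main(void)
{
    int n = 0;
    uint8_t state[SDP_CONT_STATE_MAX];
    uint8_t big[CONF_RSP_BUF + 16];
    memset(big, 0, sizeof big);

    printf("good rsp: %d (options=%d)\n",
           parse_conf_rsp_hardened(SAMPLE_GOOD_RSP, sizeof SAMPLE_GOOD_RSP, &n), n);
    printf("bad rsp:  %d\n", parse_conf_rsp_hardened(SAMPLE_BAD_RSP, sizeof SAMPLE_BAD_RSP, &n));
    printf("oversize: %d\n", parse_conf_rsp_hardened(big, sizeof big, &n));
    printf("good sdp: %d\n", read_cont_state(SAMPLE_GOOD_SDP, sizeof SAMPLE_GOOD_SDP, 0, state));
    printf("bad sdp:  %d\n", read_cont_state(SAMPLE_BAD_SDP, sizeof SAMPLE_BAD_SDP, 0, state));
    return 0;
}
```

The difference between the two parsers is the whole fix: the hardened one never lets a peer-supplied length decide how many bytes are copied or read, whether that length is the packet size, an option's length byte, or the continuation-state length.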
Mobile phone patches have been delayed, so it is recommended that people keep their phone's Bluetooth switched off until the patch arrives. Since the attack needs no pairing, refusing to pair with unknown devices is not enough; the radio itself has to be off. Hope this helps…


