News for Admins

Tech News

Article from ADMIN 42/2017
By
Attacks on AI Bluetooth and Intel processors, vulnerability in Oracle Identity Manager, and containerizing OpenStack.

AI Bluetooth Attack

In September, Armis Labs disclosed a new attack vector called BlueBorne that affects Bluetooth devices. Every desktop, IoT, and mobile platform, including Android, iOS, Linux, and Windows, was affected by the bug. The only exception was Mac OS.

In its report, Armis said, "BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure 'air-gapped' networks, and spread malware laterally to adjacent devices. Armis reported these vulnerabilities to the responsible actors and is working with them as patches are being identified and released."

Armis is now reporting that two major artificial intelligence (AI)-powered virtual assistants, Amazon Echo and Google Home, are also affected by BlueBorne.

"These new IoT voice-activated Personal Assistants join the extensive list of affected devices. Personal Assistants are rapidly expanding throughout the home and workplace, with an estimated 15 million Amazon Echo and 5 million Google Home devices sold," Armis wrote in its report.

Amazon Echo is affected by two vulnerabilities: a remote code execution vulnerability in the Linux Kernel (CVE-2017-1000251) and an information leak vulnerability in the SDP Server (CVE-2017-1000250).

Google Home is affected by an information leak vulnerability in Android's Bluetooth stack (CVE-2017-0785).

Both Google and Amazon have pushed automatic updates to these devices.

Millions of Intel Processors Are Vulnerable to Attack

Earlier this year, there were multiple reports of vulnerabilities in Intel's Management Engine (ME), which allows remote management of corporate systems. The vulnerabilities were discovered by a researcher at Embedi, a firm that specializes in securing IoT devices.

Embedi said that the Intel Active Management Technology (AMT) vulnerability was the first of its kind. "The exploitation allows an attacker to get full control over a business' computers, even if they are turned off (but still plugged into an outlet)," wrote Embedi in an advisory.

"By nature, the Intel AMT exploitation bypasses authentication. In other words, an attacker may have no credentials and still be able to use the Intel AMT functionality. Access to ports 16992/16993 are the only requirement to perform a successful attack," wrote Embedi.

Now, after months of analysis, Intel has admitted that these vulnerabilities leave millions of corporate PCs exposed to attacks.

Intel said on its product security page, "In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience. As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted."

The affected products include the sixth, seventh, and eighth generation Intel Core Processor Family; the Intel Xeon Processor E3-1200 v5 and v6 Product Family; the Intel Xeon Processor Scalable Family; the Intel Xeon Processor W Family; the Intel Atom C3000 Processor Family; the Apollo Lake Intel Atom; the Processor E3900 series; and the Apollo Lake Intel Pentium and Celeron N and J series processors.

Intel has released a Windows 10 tool to analyze a system for vulnerabilities that can be downloaded (https://downloadcenter.intel.com/download/26755) and a tool for Linux that can be found online (https://downloadcenter.intel.com/download/26799).

Intel is working with PC vendors to push a firmware update. Please update your system now.

Critical Vulnerability Found in Oracle Identity Manager

A critical vulnerability in the Oracle Identity Manager allows an attacker to take complete control over a system remotely.

Oracle has offered scant details about the vulnerability, fearing further exploitation. Oracle said in an advisory: "This Security Alert addresses CVE-2017-10151, a vulnerability affecting Oracle Identity Manager. This vulnerability has a CVSS v3 base score of 10.0 and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. The Patch Availability Document referenced below provides a full workaround for this vulnerability and will be updated when patches in addition to the workaround are available."

Oracle is recommending that customers apply the updates provided by this Security Alert without delay.

According to The Hacker News, "The security patch for this vulnerability comes just about two weeks after Oracle's regular Critical Patch Update (CPU) for October 2017, which patches a total of 252 vulnerabilities in its products, including 40 in Fusion Middleware out of which 26 are remotely exploitable without authentication."

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus