Peter Schooff
Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


October 18, 2006
Patches to Fix Bluetooth Flaw

Patches are now available to plug the security flaws found in the Bluetooth communications software that can give hackers the ability to compromise certain machines. Bluetooth technology allows computers to exchange information wirelessly over short distances (typically between 10 and 100 meters).

The problem resides in Bluetooth device drivers made by Toshiba Corp., which are also present in a number of computers made by Dell. According to SecureWorks, an attacker would not need login credentials for the target computer but would need the Bluetooth address of the victim’s device. That would not be an obstacle for computers configured to let other Bluetooth devices discover them (there are several readily available Bluetooth scanning tools that could easily be used).

SecureWorks reported that the Toshiba drivers are also present in some Sony Vaio and ASUS computers. SecureWorks researcher David Maynor and independent researcher Johnny “Cache” Ellch revealed the flaw and said it could cause the ominous “blue screen of death” to appear. Both acknowledged they were not able to use the bug to install programs on a vulnerable machine.

According to Elizabeth Clarke, a spokesperson for SecureWorks, Maynor "was able to demonstrate a crash that could execute code on a Dell running a Toshiba Bluetooth stack." Apparently, Dell was the only hardware platform they tested the exploit on.

Dell said it has shipped updates to fix the problem on Latitude Models D820, D620, D420, and D520. Other Latitude models also are vulnerable, including the D810, D610, D410, D510 and X1 versions, but the company doesn't expect to ship updates for those models until Nov. 4.

While it is not likely that these vulnerabilities will be readily exploited anytime soon, it is always a good idea to make sure you have the most up-to-date Bluetooth drivers.

Dell patches can be found right here. Select “Latitude,” your model, the operating system you are using, then hit “find downloads.”

To see which version of Bluetooth you have installed, follow this from Brian Krebs's Security Fix, where this article came from: “right-click the blue "Bluetooth Manager" icon in the task bar near the system clock, then select "Device Properties" and then "General." If that doesn't work, right click on the Bluetooth Manager icon, select "Options," then "General," then "Details." Users running version 4.20.01 should download and install the "PC Bluetooth Stack," available at this link. Toshiba users with Bluetooth versions 3.x through 4.00.36 should install the "PC Bluetooth Stack Security Patch 2," downloadable from this link.”

Posted by pschooff in Better Protection, Dell, Patches, Small Medium Enterprise
