Nextgov Staff | Nextgov | September 18, 2017 | 0 Comments

Hackers Can Get Into Your Device Via Bluetooth and That Other Equifax Breach

LDprod/Shutterstock.com

Welcome to Threatwatch, Nextgov's regularly updated index of cyber incidents. The Federal Trade Commission acknowledged it would investigate the Equifax data breach of 143 million U.S. consumers, but here's what else went on last week:

Bluetooth Bug Leaves Windows, Linux, Android Devices Vulnerable

Security researchers created an attack that can access Linux, Android and Windows devices through Bluetooth wireless technology.

Armis researchers called the vulnerability BlueBorne, and it allows an attacker to execute code on a device if Bluetooth is turned on and within 32 feet. The attack takes less than 10 seconds and can be done without a user clicking links or taking any action—the Bluetooth just has to be on, researchers told Ars Technica.

Apple’s iOS 10 wasn’t affected but previous versions were, while Microsoft issued patches, as did Google for the Nougat and Marshmallow versions for the Android OS, Engadget reported. Google’s Android ecosystem, however, relies on many other third-party manufacturers to issue patches too, which have historically has been slow to issue fixes.

As of Tuesday, when Armis researchers publicly disclosed the flaw, they weren’t aware of any Linux patches, they told Engadget.

The Other Equifax Breach

Equifax, the credit monitoring company in headlines for exposing 143 million Americans’ data, used an easy-to-guess default password to access the records of Argentinians.

Security blogger Brian Krebs Sept. 12 reported Equifax Argentina used the username and password “admin/admin” for an online portal that its employees used to manage credit report disputes. Anyone who logged in could access employee records as well as about 14,000 consumer complaints that include their DNI—the equivalent of a Social Security number.

The company temporarily shut the website down, BBC reported Sept. 13. An Equifax spokeswoman told the BBC the company found no indication that customers had been “negatively affected” and the incident was not related to Equifax breach that affected U.S. consumers.

Comments
JOIN THE DISCUSSION