A collection of Bluetooth attack vectors were discovered and related vulnerabilities known as "BlueBorne" were disclosed. These vulnerabilities collectively endanger amongst others Windows, Linux and mobile operating systems like Android or IOS. An unauthenticated attacker may take control of devices and perform commands or access sensitive data.
An unauthenticated, remote attacker may be able to obtain private information about the device or user, execute arbitrary code on the device or perform a virtually invisible Man-in-the-middle (MitM) attack.
Customers using affected Pepperl+Fuchs / ecom instruments products are recommended to update the device. For released firmware updates see table below.
|CT50-Ex Windows||10/2017||Microsoft Update|
|Pad-Ex 01||09/2017||Microsoft Update|
In case there is no update available, users should consider the following workaround:
Deactivation of Bluetooth on the device
Unused or not needed Bluetooth should be switched off / disabled on affected devices.
These vulnerabilities were publicly disclosed by Ben Seri and Gregory Vishnepolsky of Armis.