{"id":476070,"date":"2023-08-09T07:25:33","date_gmt":"2023-08-09T07:25:33","guid":{"rendered":""},"modified":"2023-09-05T11:11:58","modified_gmt":"2023-09-05T11:11:58","slug":"blueborne","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/vn\/wiki\/blueborne\/","title":{"rendered":"BlueBorne"},"content":{"rendered":"

BlueBorne l\u00e0 t\u1eadp h\u1ee3p c\u00e1c l\u1ed7 h\u1ed5ng \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn thi\u1ebft b\u1ecb Bluetooth, c\u00f3 kh\u1ea3 n\u0103ng khi\u1ebfn h\u00e0ng t\u1ef7 thi\u1ebft b\u1ecb kh\u00f4ng d\u00e2y v\u00e0 h\u1ed7 tr\u1ee3 Internet g\u1eb7p r\u1ee7i ro. Vect\u01a1 t\u1ea5n c\u00f4ng n\u00e0y th\u1ec3 hi\u1ec7n m\u1ed1i \u0111e d\u1ecda \u0111\u00e1ng k\u1ec3 \u0111\u1ed1i v\u1edbi t\u00ednh b\u1ea3o m\u1eadt v\u00e0 quy\u1ec1n ri\u00eang t\u01b0 c\u1ee7a ng\u01b0\u1eddi d\u00f9ng c\u0169ng nh\u01b0 h\u1ec7 th\u1ed1ng, v\u00ec n\u00f3 c\u00f3 th\u1ec3 l\u00e2y nhi\u1ec5m sang c\u00e1c thi\u1ebft b\u1ecb m\u00e0 kh\u00f4ng y\u00eau c\u1ea7u ch\u00fang ph\u1ea3i \u0111\u01b0\u1ee3c gh\u00e9p n\u1ed1i v\u1edbi thi\u1ebft b\u1ecb c\u1ee7a k\u1ebb t\u1ea5n c\u00f4ng ho\u1eb7c thi\u1ebft b\u1ecb m\u1ee5c ti\u00eau ph\u1ea3i \u0111\u01b0\u1ee3c \u0111\u1eb7t \u1edf ch\u1ebf \u0111\u1ed9 c\u00f3 th\u1ec3 ph\u00e1t hi\u1ec7n \u0111\u01b0\u1ee3c.<\/p>\n

S\u1ef1 xu\u1ea5t hi\u1ec7n v\u00e0 l\u1ea7n \u0111\u1ea7u ti\u00ean nh\u1eafc \u0111\u1ebfn BlueBorne<\/h2>\n

S\u1ef1 t\u1ed3n t\u1ea1i c\u1ee7a BlueBorne l\u1ea7n \u0111\u1ea7u ti\u00ean \u0111\u01b0\u1ee3c ti\u1ebft l\u1ed9 v\u00e0o th\u00e1ng 9 n\u0103m 2017 b\u1edfi Armis Labs, m\u1ed9t c\u00f4ng ty an ninh m\u1ea1ng. C\u00e1c l\u1ed7 h\u1ed5ng \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn k\u1ebft n\u1ed1i Bluetooth \u0111\u00e3 \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n trong qu\u00e1 tr\u00ecnh ph\u00e2n t\u00edch \u0111\u1ecbnh k\u1ef3 c\u00f4ng ngh\u1ec7 Bluetooth, cho th\u1ea5y 8 l\u1ed7 h\u1ed5ng zero-day, 4 trong s\u1ed1 \u0111\u00f3 \u0111\u01b0\u1ee3c ph\u00e2n lo\u1ea1i l\u00e0 nghi\u00eam tr\u1ecdng.<\/p>\n

BlueBorne \u0111\u01b0\u1ee3c coi l\u00e0 \u0111\u1ed9t ph\u00e1 nh\u1edd ph\u01b0\u01a1ng th\u1ee9c t\u1ea5n c\u00f4ng ch\u01b0a t\u1eebng c\u00f3. N\u00f3 nh\u1eafm m\u1ee5c ti\u00eau v\u00e0o Bluetooth, m\u1ed9t giao th\u1ee9c th\u01b0\u1eddng b\u1ecb b\u1ecf qua m\u1eb7c d\u00f9 n\u00f3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng ph\u1ed5 bi\u1ebfn v\u00e0 ch\u1ee9ng minh r\u1eb1ng ngay c\u1ea3 nh\u1eefng c\u00f4ng ngh\u1ec7 \u0111\u00e3 \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp v\u00e0 ph\u1ed5 bi\u1ebfn r\u1ed9ng r\u00e3i c\u0169ng c\u00f3 th\u1ec3 \u1ea9n ch\u1ee9a nh\u1eefng l\u1ed7 h\u1ed5ng \u0111\u00e1ng k\u1ec3.<\/p>\n

X\u00e2y d\u1ef1ng tr\u00ean BlueBorne: A Deep Dive<\/h2>\n

BlueBorne l\u00e0 m\u1ed9t b\u1ed9 l\u1ed7 h\u1ed5ng, kh\u00f4ng ph\u1ea3i l\u00e0 m\u1ed9t l\u1ed7 h\u1ed5ng khai th\u00e1c duy nh\u1ea5t. Nh\u1eefng l\u1ed7 h\u1ed5ng n\u00e0y b\u1eaft ngu\u1ed3n t\u1eeb c\u00e1c giao th\u1ee9c Bluetooth \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng b\u1edfi nhi\u1ec1u h\u1ec7 \u0111i\u1ec1u h\u00e0nh kh\u00e1c nhau bao g\u1ed3m Android, iOS, Windows v\u00e0 Linux. Ch\u00fang \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn h\u00e0ng t\u1ef7 thi\u1ebft b\u1ecb, bao g\u1ed3m \u0111i\u1ec7n tho\u1ea1i th\u00f4ng minh, m\u00e1y t\u00ednh x\u00e1ch tay, TV th\u00f4ng minh v\u00e0 thi\u1ebft b\u1ecb IoT. BlueBorne v\u1ec1 c\u01a1 b\u1ea3n l\u00e0 m\u1ed9t t\u1eadp h\u1ee3p c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ed9c l\u1eadp ho\u1eb7c k\u1ebft h\u1ee3p \u0111\u1ec3 x\u00e2m nh\u1eadp v\u00e0o thi\u1ebft b\u1ecb v\u00e0 chi\u1ebfm quy\u1ec1n ki\u1ec3m so\u00e1t thi\u1ebft b\u1ecb \u0111\u00f3.<\/p>\n

Y\u1ebfu t\u1ed1 r\u1ee7i ro ch\u00ednh li\u00ean quan \u0111\u1ebfn BlueBorne l\u00e0 n\u00f3 kh\u00f4ng y\u00eau c\u1ea7u b\u1ea5t k\u1ef3 s\u1ef1 t\u01b0\u01a1ng t\u00e1c n\u00e0o c\u1ee7a ng\u01b0\u1eddi d\u00f9ng \u0111\u1ec3 l\u00e2y lan. N\u00f3 c\u00f3 th\u1ec3 xuy\u00ean th\u1ee7ng h\u1ec7 th\u1ed1ng ph\u00f2ng th\u1ee7 m\u00e0 kh\u00f4ng y\u00eau c\u1ea7u thi\u1ebft b\u1ecb \u0111\u01b0\u1ee3c nh\u1eafm m\u1ee5c ti\u00eau ch\u1ea5p nh\u1eadn y\u00eau c\u1ea7u k\u1ebft n\u1ed1i ho\u1eb7c nh\u1ea5p v\u00e0o li\u00ean k\u1ebft \u0111\u1ed9c h\u1ea1i. N\u00f3 ch\u1ec9 y\u00eau c\u1ea7u b\u1eadt Bluetooth tr\u00ean thi\u1ebft b\u1ecb m\u1ee5c ti\u00eau v\u00e0 n\u00f3 c\u00f3 th\u1ec3 l\u00e2y lan sang c\u00e1c thi\u1ebft b\u1ecb kh\u00e1c trong ph\u1ea1m vi c\u1ee7a n\u00f3, d\u1eabn \u0111\u1ebfn leo thang nhanh ch\u00f3ng v\u00e0 c\u00f3 kh\u1ea3 n\u0103ng g\u00e2y thi\u1ec7t h\u1ea1i tr\u00ean di\u1ec7n r\u1ed9ng.<\/p>\n

C\u1ea5u tr\u00fac b\u00ean trong: BlueBorne ho\u1ea1t \u0111\u1ed9ng nh\u01b0 th\u1ebf n\u00e0o<\/h2>\n

BlueBorne ho\u1ea1t \u0111\u1ed9ng b\u1eb1ng c\u00e1ch khai th\u00e1c c\u00e1c l\u1ed7 h\u1ed5ng trong qu\u00e1 tr\u00ecnh tri\u1ec3n khai Bluetooth trong c\u00e1c h\u1ec7 \u0111i\u1ec1u h\u00e0nh kh\u00e1c nhau. Cu\u1ed9c t\u1ea5n c\u00f4ng b\u1eaft \u0111\u1ea7u b\u1eb1ng vi\u1ec7c k\u1ebb t\u1ea5n c\u00f4ng qu\u00e9t c\u00e1c thi\u1ebft b\u1ecb c\u00f3 k\u1ebft n\u1ed1i Bluetooth \u0111ang ho\u1ea1t \u0111\u1ed9ng. Sau khi \u0111\u01b0\u1ee3c x\u00e1c \u0111\u1ecbnh, k\u1ebb t\u1ea5n c\u00f4ng khai th\u00e1c c\u00e1c l\u1ed7 h\u1ed5ng n\u00e0y \u0111\u1ec3 th\u1ef1c hi\u1ec7n m\u1ed9t lo\u1ea1t ho\u1ea1t \u0111\u1ed9ng \u0111\u1ed9c h\u1ea1i, t\u1eeb ti\u00eam ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i \u0111\u1ebfn chi\u1ebfm quy\u1ec1n ki\u1ec3m so\u00e1t ho\u00e0n to\u00e0n thi\u1ebft b\u1ecb.<\/p>\n

Giai \u0111o\u1ea1n \u0111\u1ea7u ti\u00ean c\u1ee7a cu\u1ed9c t\u1ea5n c\u00f4ng li\u00ean quan \u0111\u1ebfn vi\u1ec7c x\u00e1c \u0111\u1ecbnh c\u00e1c thi\u1ebft b\u1ecb h\u1ed7 tr\u1ee3 Bluetooth v\u00e0 x\u00e1c \u0111\u1ecbnh h\u1ec7 \u0111i\u1ec1u h\u00e0nh m\u00e0 ch\u00fang s\u1eed d\u1ee5ng. Sau khi \u0111i\u1ec1u n\u00e0y \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 ch\u1ecdn c\u00e1ch khai th\u00e1c ph\u00f9 h\u1ee3p t\u1eeb b\u1ed9 l\u1ed7 h\u1ed5ng BlueBorne \u0111\u1ec3 x\u00e2m nh\u1eadp v\u00e0o thi\u1ebft b\u1ecb.<\/p>\n

Ti\u1ebfp theo, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n c\u00e1c h\u00e0nh \u0111\u1ed9ng nh\u01b0 ch\u1eb7n l\u01b0u l\u01b0\u1ee3ng m\u1ea1ng, c\u00e0i \u0111\u1eb7t \u1ee9ng d\u1ee5ng \u0111\u1ed9c h\u1ea1i, \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m ho\u1eb7c chi\u1ebfm to\u00e0n quy\u1ec1n ki\u1ec3m so\u00e1t thi\u1ebft b\u1ecb. \u0110i\u1ec1u n\u00e0y c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n \u0111\u01b0\u1ee3c m\u00e0 kh\u00f4ng c\u00f3 b\u1ea5t k\u1ef3 tri\u1ec7u ch\u1ee9ng \u0111\u00e1ng ch\u00fa \u00fd n\u00e0o, cho ph\u00e9p cu\u1ed9c t\u1ea5n c\u00f4ng kh\u00f4ng \u0111\u01b0\u1ee3c ch\u00fa \u00fd.<\/p>\n

C\u00e1c t\u00ednh n\u0103ng ch\u00ednh c\u1ee7a BlueBorne<\/h2>\n
    \n
  1. Kh\u00f4ng th\u1ec3 ph\u00e1t hi\u1ec7n<\/strong>: BlueBorne l\u00e2y lan m\u00e0 kh\u00f4ng c\u00f3 s\u1ef1 t\u01b0\u01a1ng t\u00e1c c\u1ee7a ng\u01b0\u1eddi d\u00f9ng, khi\u1ebfn vi\u1ec7c ph\u00e1t hi\u1ec7n ho\u1eb7c ng\u0103n ch\u1eb7n tr\u1edf n\u00ean kh\u00f3 kh\u0103n. N\u00f3 kh\u00f4ng y\u00eau c\u1ea7u thi\u1ebft b\u1ecb ph\u1ea3i \u0111\u01b0\u1ee3c gh\u00e9p n\u1ed1i ho\u1eb7c \u0111\u1eb7t \u1edf ch\u1ebf \u0111\u1ed9 c\u00f3 th\u1ec3 ph\u00e1t hi\u1ec7n \u0111\u01b0\u1ee3c.<\/li>\n
  2. to\u00e0n n\u0103ng<\/strong>: K\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 chi\u1ebfm to\u00e0n quy\u1ec1n ki\u1ec3m so\u00e1t thi\u1ebft b\u1ecb, \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u ho\u1eb7c thao t\u00fang thi\u1ebft b\u1ecb cho c\u00e1c m\u1ee5c \u0111\u00edch b\u1ea5t ch\u00ednh kh\u00e1c.<\/li>\n
  3. Nhanh nh\u1eb9n<\/strong>: N\u00f3 c\u00f3 th\u1ec3 nhanh ch\u00f3ng lan sang c\u00e1c thi\u1ebft b\u1ecb h\u1ed7 tr\u1ee3 Bluetooth kh\u00e1c trong ph\u1ea1m vi c\u1ee7a n\u00f3.<\/li>\n
  4. Ph\u1ed5 qu\u00e1t<\/strong>: N\u00f3 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn nhi\u1ec1u lo\u1ea1i thi\u1ebft b\u1ecb tr\u00ean c\u00e1c h\u1ec7 \u0111i\u1ec1u h\u00e0nh kh\u00e1c nhau.<\/li>\n<\/ol>\n

    Ph\u00e2n lo\u1ea1i l\u1ed7 h\u1ed5ng BlueBorne<\/h2>\n

    D\u01b0\u1edbi \u0111\u00e2y l\u00e0 b\u1ea3ng ph\u00e2n t\u00edch v\u1ec1 t\u00e1m l\u1ed7 h\u1ed5ng bao g\u1ed3m BlueBorne:<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
    T\u00ean l\u1ed7 h\u1ed5ng<\/th>\nh\u1ec7 \u0111i\u1ec1u h\u00e0nh<\/th>\nS\u1ef1 va ch\u1ea1m<\/th>\n<\/tr>\n<\/thead>\n
    CVE-2017-1000251<\/td>\nLinux<\/td>\nTh\u1ef1c thi m\u00e3 t\u1eeb xa<\/td>\n<\/tr>\n
    CVE-2017-1000250<\/td>\nLinux<\/td>\nR\u00f2 r\u1ec9 th\u00f4ng tin<\/td>\n<\/tr>\n
    CVE-2017-0785<\/td>\nAndroid<\/td>\nR\u00f2 r\u1ec9 th\u00f4ng tin<\/td>\n<\/tr>\n
    CVE-2017-0781<\/td>\nAndroid<\/td>\nTh\u1ef1c thi m\u00e3 t\u1eeb xa<\/td>\n<\/tr>\n
    CVE-2017-0782<\/td>\nAndroid<\/td>\nTh\u1ef1c thi m\u00e3 t\u1eeb xa<\/td>\n<\/tr>\n
    CVE-2017-0783<\/td>\nAndroid<\/td>\nCu\u1ed9c t\u1ea5n c\u00f4ng MitM<\/td>\n<\/tr>\n
    CVE-2017-8628<\/td>\nc\u00e1c c\u1eeda s\u1ed5<\/td>\nCu\u1ed9c t\u1ea5n c\u00f4ng MitM<\/td>\n<\/tr>\n
    CVE-2017-14315<\/td>\niOS<\/td>\nTh\u1ef1c thi m\u00e3 t\u1eeb xa<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

    S\u1eed d\u1ee5ng BlueBorne: V\u1ea5n \u0111\u1ec1 v\u00e0 gi\u1ea3i ph\u00e1p<\/h2>\n

    Ph\u00e1t hi\u1ec7n c\u1ee7a BlueBorne n\u00eau b\u1eadt c\u00e1c v\u1ea5n \u0111\u1ec1 b\u1ea3o m\u1eadt quan tr\u1ecdng li\u00ean quan \u0111\u1ebfn c\u00f4ng ngh\u1ec7 Bluetooth, khi\u1ebfn c\u00e1c c\u00f4ng ty c\u00f4ng ngh\u1ec7 l\u1edbn ph\u1ea3i h\u00e0nh \u0111\u1ed9ng nhanh ch\u00f3ng. Gi\u1ea3i ph\u00e1p tr\u01b0\u1edbc m\u1eaft l\u00e0 c\u00e1c c\u00f4ng ty n\u00e0y ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 gi\u1ea3i quy\u1ebft c\u00e1c l\u1ed7 h\u1ed5ng n\u00e0y.<\/p>\n

    T\u1eeb g\u00f3c \u0111\u1ed9 ng\u01b0\u1eddi d\u00f9ng, c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n c\u00e1c b\u01b0\u1edbc sau \u0111\u1ec3 gi\u1ea3m thi\u1ec3u r\u1ee7i ro li\u00ean quan \u0111\u1ebfn BlueBorne:<\/p>\n