Blue borne threat?

  • Was reading up on the blue borne exploit earlier which appears to affect just about everything.

    BlueBorne Technical White Paper.pdf


    Is Libreelec already patched for this vulnerability or is it best to avoid BT usage until one is released?

    I guess it's not a particular issue for most users since their Libreelec box isn't portable or accessible but worth noting, nevertheless.

  • BlueBorne is nasty due to the immense volume of vulnerable devices but Bluetooth is a short-range PAN protocol and in practical terms this means an attacker needs to be within 3-5m of the box to exploit it, i.e. in the same room. As a result we're not too concerned and our advice would be to continue using things as normal. Once patches for kernels and bluez are available and we've been able to test things we will roll them into our next normal release or maintenance release.