Billions Of Devices At Risk From Bluetooth Flaws — Blueborne Attacks

Posted September 13, 2017

Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet.

Attackers can exploit the information leak problem in order to extract sensitive information from the device memory, information that can then help them exploit the remote code execution vulnerabilities and take complete control of the targeted devices.

Armis has released a white paper that describes how the vulnerability works and how it can be exploited.

Devices with Bluetooth enabled are constantly searching for other Bluetooth devices, which can allow an attacker to use the BlueBorne vulnerability to connect to a device without having to pair with it.

According to security firm Armis, which pinpointed the vulnerability, BlueBorne is a new attack vector that affects Bluetooth devices and spreads through the air, quickly putting numerous targets in jeopardy.

The more serious flaws allow an attacker to gain control of affected devices and their data, and steal sensitive business data from corporate networks.

All Android phones, tablets, and wearables, apart from those using only Bluetooth Low Energy, are potentially vulnerable to the four Android flaws. Google is issuing a security patch for Android 7 Nougat and Android 6 Marshmallow and is now notifying manufacturers to push the update out ASAP.

Seri was able to turn the device on remotely, take photos, and export them back to his computer, but his cursor wandered the Pixel's screen to issue commands, which would be a giveaway to the phone's owner if they were watching their screen.

How many and which devices are vulnerable?

Now, researchers have devised an attack that uses the wireless technology to hack a wide range of devices, including those running Android, Linux, and, until a patch became available in July, Windows. "Malware exploiting the attack vector may be particularly virulent by passing peer-to-peer and jumping laterally, infecting adjacent devices when Bluetooth is switched on."

On iOS devices, the vulnerability is limited to iOS 9.3.5 and lower versions.

"And that's a critical attack because it's airborne and can spread just by being near someone, and it affects most of the major operating systems and devices that are on the internet." And, though the attacks require close proximity to a vulnerable device, no interaction with a victim is needed, said the researchers. Those devices will remain vulnerable to these Bluetooth attacks indefinitely.

Most attack vectors require a user to click on a malicious link or download a file containing a payload.

Armis Labs claims that the only thing the attack needs is for Bluetooth to be enabled on the targeted device.

The process begins with the discovery of a particular device to hack.

On Apple devices, you can solve the problem by simply updating to iOS 10 or the newest tvOS, as both are protected.

It would seem that Apple devices running iOS 10 are not affected, while those running an earlier version of Apple's mobile OS are.

For example, a delivery person dropping a package at a bank could carry weaponized code on a Bluetooth-enabled device.

Microsoft has released the fix through its Patch Tuesday update on September 12.

Nonetheless, some devices will never receive a BlueBorne patch, as they have reached end-of-life and are no longer supported.