Billions of devices at risk as new cyber-attack explores Bluetooth vulnerability

Posted September 13, 2017

Armis is a security platform that specialises in securing IOT devices, and it recently published details of a new Bluetooth vulnerability that could potentially leave millions of devices vulnerable to remote attack.

Instead, it could take advantage of four critical zero-day bugs and spread "over the air".

According to Armis, BlueBorne is "an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices".

✯ Disable Bluetooth unless you need to use it, but then turn it off immediately. That's why the attack vector collection is called BlueBorne.

BlueBorne vulnerabilities are tracked under the following identifiers: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices; CVE-2017-1000251 and CVE-2017-1000250 for Linux; and CVE-2017-8628 on Windows. "The vulnerabilities permeate all the major stacks on devices, and given Bluetooth's popularity we estimate there to be 5.3 billion vulnerable devices". If one of the affected devices has Bluetooth on, it's a target. The biggest issue is that the Bluetooth devices often times use higher privileges, which then leads to these attacks happening without the user having any input. Blueborne doesn't require devices to be paired with the malicious device, or even be set in discoverable mode.

Understandably, you want to know what's going on in terms of trying to stop the spread of BlueBorne around the world. "The vulnerabilities in Blueborne are very wide spread and patches will be coming out for months".

Back in April, Armis started getting in touch with several manufacturers to address BlueBorne, contacting Google, Microsoft, Apple, Samsung, and Linux. A coordinated public disclosure was made on September 12.

Old versions of iOS that were released before iOS10 have a flaw in a low energy audio protocol invented by Apple that allows attackers to implant data into a system's memory, which could allow an attacker to run its own commands on an iOS system. It spreads locally via Bluetooth, and the hacker does not need to pair with the device to infect it.

The security firm showed that a hacker can exploit one BlueBorne vulnerability to launch MitM attacks against Windows computers and redirect the victim's browsing session to a phishing website.

While there is no mention of Android Oreo, Google has issued security patches for Android Nougat and Marshmallow as a part of the September Security Bulletin. It can be used to perform MITM attacks. Microsoft patched the vulnerability in the July update, but not all users patch their machines as soon as an update is available. We were lucky that the vulnerability was discovered by security researchers and not hackers.

Linux devices running BlueZ are affected by the information leak flaw and those from version 3.3-rc1, released in October 2011, are affected by the remote code execution flaw.

Linux-based devices are also prone to be infected, including Samsung's Gear S3 smartwatch, smart TVs, and Family Hub.

Pixel devices have already received the updates. "Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats".