Billions of mobile, desktop and IoT devices that use Bluetooth may be exposed to a new remote attack, even without any user interaction and pairing. The unique condition for BlueBorne attacks is that targeted devices must have Bluetooth enabled.
The new attack technique, dubbed BlueBorne, was devised by experts with Armis Labs. Researchers have discovered a total of eight vulnerabilities in the Bluetooth design that expose devices to cyber attacks.
“Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spread through the air (airborne) and attacks devices via Bluetooth.” reads the analysis published by Amis Labs.
“Armis has also disclosed eight related zero-day vulnerabilities, four of which are classified as critical. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices. Armis reported these vulnerabilities to the responsible actors, and is working with them as patches are being identified and released.”
The attacker needs to determine the operating system running on the targeted device in order to use the correct exploit.
A hacker in range of the targeted device can trigger one of the Bluetooth implementation issues for malicious purposes, including remote code execution and man-in-the-middle (MitM) attacks.
According to the experts, in order to launch a BlueBorne attack, it is not necessary to trick the victim into clicking on a link or opening a malicious file.
The attack is stealthy and victims will not notice any suspicious activity on their device. Unfortunately, most current security solutions fail in detecting the malicious activity.
“Airborne attacks, unfortunately, provide a number of opportunities for the attacker. First, spreading through the air renders the attack much more contagious, and allows it to spread with minimum effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats. Airborne attacks can also allow hackers to penetrate secure internal networks which are “air gapped,” meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure.” continues the analysis.
“Finally, unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file. No action by the user is necessary to enable the attack.”
The researchers have discovered information disclosure and code execution flaws in Linux, four code execution, MitM and information disclosure vulnerabilities in Android (CVE-2017-0781, CVE-2017-0782, CVE-2017-0783 and CVE-2017-0785), one vulnerability that allows MitM attacks in Windows (CVE-2017-8628) and one code execution flaw in the Bluetooth Low Energy Audio protocol used by iOS.
The attack vector could be exploited by threat actors to deliver malware with wormable capabilities.
Armis demonstrated that it is also possible for an attacker to exploit one BlueBorne vulnerability to launch MitM attacks against Windows machines and hijack the victim’s browsing session to a phishing website.
In the following video, a hacker can exploit the BlueBorne flaw to take over a Samsung smartwatch running the Tizen OS.
Google patched the vulnerabilities in Android with its September security updates, Microsoft should do it on Tuesday. highlighted that Apple has already addressed the vulnerabilities with the release of iOS 10, but earlier versions of the Apple OS remain vulnerable to the BlueBorne attack.
The development teams of Linux distributions are working to address the issues.
Further information is available on the BlueBorne technical paper published by Armis.
(Security Affairs – Bluetooth hacking, BlueBorne attack)