Researchers have devised an attack that uses Bluetooth, one of the most common features of modern devices, to compromise a wide range of systems, including those running Android, Linux, Windows and older iOS. The attack vector is called BlueBorne.
Over the past decade, Bluetooth has become almost the default way for billions of devices to exchange data over short distances: PCs, phones and tablets use it to transfer files such as videos and pictures, to stream audio to speakers and headsets, and to send pictures from a phone to a nearby computer.
On 12 September 2017, Armis Security reported details of a new set of Bluetooth vulnerabilities that could expose millions of devices to remote attack.
Named BlueBorne, the attack works by posing as an ordinary Bluetooth peer and exploiting flaws in the Bluetooth implementations of the major operating systems to run malicious code, much like the Broadcom Wi-Fi chip attack disclosed earlier in 2017. Because the Bluetooth stack runs with high privileges in most operating systems, the attack requires no interaction from the user. BlueBorne does not require the target to be paired with the attacker's device, or even to be in discoverable mode.
iPhones running iOS 10 or later are immune to the attack; devices still on iOS 9.3.5 or earlier are vulnerable. Microsoft had already deployed a patch for the Windows bug in July 2017, ahead of the public disclosure. The attack is most potent against Android and Linux devices, because the Bluetooth implementations in both operating systems suffer from memory corruption bugs that let an attacker execute virtually any code of their choosing. The Bluetooth functionality in both OSes also runs with high system privileges, allowing the resulting infection to access sensitive system resources and potentially persist across reboots.
A BlueBorne attack has several stages. First, the attacker must find Bluetooth-enabled devices nearby; these can be found even when the device is not in discoverable mode, for example by sniffing the radio traffic of an active adapter. Next, the attacker obtains the target's Bluetooth MAC address and probes it to identify the operating system. Knowing the OS, the attacker selects the matching exploit and either mounts a man-in-the-middle attack to intercept and control the device's communications, or takes full control of the device.
BlueBorne's capabilities are highly attractive to an attacker. It can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even building large botnets out of IoT devices. Because it needs no network connection at all, the BlueBorne vector goes beyond most attack vectors: it can reach "air-gapped" networks that are disconnected from every other network, including the internet.
The broader implications of BlueBorne are troubling. If a group is targeting a specific person, Bluetooth is a convenient way into their phone, whether the group uses BlueBorne or some other vulnerability. A user who is behind on updates and patches has a good chance of being vulnerable.
Windows users who have applied the latest patches are protected. Android users, unfortunately, have to wait for security patches for their devices, since delivery depends on the device manufacturer.
In the meantime, Android users can install the "BlueBorne Vulnerability Scanner" app published by the Armis security team on Google Play to check whether their device is vulnerable to BlueBorne. If it is, turn Bluetooth off whenever it is not in use.
The simplest protection is to leave Bluetooth off. Since a phone remains vulnerable while it is connected to a Bluetooth device, not using Bluetooth at all is the only complete workaround until a patch arrives. As Bluetooth spreads to ever more devices, attacks built on bugs like BlueBorne will only become more powerful and more sophisticated.
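The advice above hinges on one point that is easy to get wrong: switching a phone or laptop to "not discoverable" is not a mitigation, only powering the radio off is. The following script, an added example that is neither Armis code nor part of the original article, makes that check from saved tool output so it runs offline: it parses a `hciconfig -a` dump from a Linux host and an Android `ro.build.version.security_patch` value. The sample hciconfig text is constructed, and the Android cut-off date (the September 2017 patch level) is an assumption to verify against your vendor's bulletin.

```python
"""BlueBorne exposure check from captured tool output.

Added example (not Armis code and not from the article). It reads a saved
`hciconfig -a` dump and an Android `ro.build.version.security_patch` value,
so it runs offline. The hciconfig text layout below and the patch-level
cut-off date are assumptions, not facts stated on the page.
"""
import re
from datetime import date

# Constructed sample of `hciconfig -a` output: adapter powered on and
# connectable (PSCAN) but NOT discoverable (no ISCAN flag).
SAMPLE_HCICONFIG = """\
hci0:\tType: Primary  Bus: USB
\tBD Address: 00:11:22:33:44:55  ACL MTU: 1021:8  SCO MTU: 64:8
\tUP RUNNING PSCAN
\tRX bytes:1234 acl:0 sco:0 events:56 errors:0
\tTX bytes:789 acl:0 sco:0 commands:56 errors:0
\tLink policy: RSWITCH SNIFF
\tLink mode: SLAVE ACCEPT
"""

# ASSUMPTION: Android security patch level from which the BlueBorne fixes
# ship (September 2017 bulletin). Verify against your vendor's bulletin.
ANDROID_FIXED_PATCH_LEVEL = date(2017, 9, 1)


def parse_hciconfig(text):
    """Return {adapter: {"bdaddr": str|None, "flags": set}} from hciconfig output."""
    adapters = {}
    current = None
    for line in text.splitlines():
        m = re.match(r"^(hci\d+):", line)
        if m:
            current = m.group(1)
            adapters[current] = {"bdaddr": None, "flags": set()}
            continue
        if current is None:
            continue
        m = re.search(r"BD Address:\s*([0-9A-Fa-f:]{17})", line)
        if m:
            adapters[current]["bdaddr"] = m.group(1).upper()
            continue
        # The HCI state line consists only of upper-case tokens (UP, RUNNING,
        # PSCAN, ISCAN, DOWN ...); every other line starts with a "Key:" word.
        tokens = line.strip().split()
        if tokens and all(re.fullmatch(r"[A-Z]+", t) for t in tokens):
            adapters[current]["flags"].update(tokens)
    return adapters


def adapter_exposure(adapter):
    """Classify one adapter. 'exposed' follows the advisory's point: only a
    powered-off radio is safe; non-discoverable mode is not a mitigation."""
    flags = adapter["flags"]
    powered = "UP" in flags
    return {
        "powered": powered,
        "discoverable": "ISCAN" in flags,
        "connectable": "PSCAN" in flags,
        "exposed": powered,
    }


def android_patched(security_patch_prop):
    """True if `ro.build.version.security_patch` (e.g. '2017-08-05') is at or
    after the assumed fixed level. Raises ValueError on malformed input."""
    y, m, d = (int(x) for x in security_patch_prop.strip().split("-"))
    return date(y, m, d) >= ANDROID_FIXED_PATCH_LEVEL


def report(hciconfig_text, android_patch=None):
    """Produce one human-readable line per adapter (plus one for Android)."""
    lines = []
    for name, adapter in parse_hciconfig(hciconfig_text).items():
        e = adapter_exposure(adapter)
        if not e["powered"]:
            state = "off"
        elif e["discoverable"]:
            state = "discoverable"
        else:
            state = "non-discoverable"
        lines.append(f"{name} {adapter['bdaddr']}: {state}; exposed={e['exposed']}")
    if android_patch is not None:
        lines.append(f"android security_patch {android_patch}: "
                     f"patched={android_patched(android_patch)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_HCICONFIG, android_patch="2017-08-05"):
        print(line)
```

Run it against a real dump with `hciconfig -a > hci.txt` on the Linux host and `adb shell getprop ro.build.version.security_patch` on the phone; an adapter reported as "non-discoverable" still comes back `exposed=True`, which is exactly the state the article warns about.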