Billions Of Devices At Risk From Bluetooth Flaws — Blueborne Attacks


More than 5.3 billion devices are at risk of this attack that has been identified by a security company. ZDNet's own testing, using Armis' app to check local and nearby Android devices for the vulnerabilities, shows several BlackBerry phones are at risk, as well as other Android devices.

BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. It can spread through the air (airborne) and attacks devices via Bluetooth.

"Imagine there's a WannaCry on Bluetooth, where attackers can deposit ransomware on the device, and tell it to find other devices on Bluetooth and spread it automatically".

BlueBorne vulnerabilities are tracked under the following identifiers: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices; CVE-2017-1000251 and CVE-2017-1000250 for Linux; and CVE-2017-8628 on Windows.

It said that its Windows phones were not impacted by the attack vector. Google, meanwhile, provided device manufacturers with a patch last month.

Any iPhones running iOS 10 are immune to the attack, and Microsoft deployed a patch to fix the bug in July.

The vulnerabilities were found in the Bluetooth implementations in Android, Microsoft, Linux and iOS versions pre-iOS 10.

The Bluetooth Pineapple vulnerability allows an attacker to create a MITM attack using only a Bluetooth-connected device and no special equipment, which is often required for Wi-Fi interception. The Bluetooth functionality in both OSes also runs with high system privileges, allowing the resulting infection to access sensitive system resources and survive multiple reboots. That makes the code-execution attack on that OS "highly reliable".

According to IoT security company #Armis Labs, a new #Attack Vector called #BlueBorne is able to attack interconnected devices using Bluetooth technology.

"BlueBorne is a name we gave for eight vulnerabilities found in the common Bluetooth stacks of all the major vendors", said Armis co-founder and CTO Nadir Izrael in a phone interview with The Register. The most significant one allows hackers to intercept all network traffic sent to and from the targeted Windows computer and to modify that data at will. It could also change data in transit.

BlueBorne-Android Take Over Demo. The vulnerabilities affect unpatched versions of Google Android, Microsoft Windows, Linux operating system, and Apple iOS. The researchers consider three of the flaws to be critical. All parties agreed to keep the findings confidential until today's coordinated disclosure.

However, he said he's not aware of any exploitation of these holes. Further, the hack requires an attacker to chain together several vulnerabilities and have proximity to the device, making it hard to duplicate in the wild. To launch an attack, malware can connect to a target device and remotely execute code on the phone, tablet, computer, or smart device, which lets the malware spread further to other devices.

More information on the attack can be found below.

Bluetooth is a wireless communication protocol for connecting devices over short ranges. The vulnerabilities found in Wi-Fi chips affect only the peripherals of the device, and require another step to take control of the device. All that is needed is to turn Bluetooth on. The vulnerabilities reported by Armis now reinforce the wisdom of that advice. He also downplayed the likelihood of active BlueBorne attacks, noting that there's no indication either of the Broadcom chip vulnerabilities has ever been exploited in the wild. BlueBorne does not even require an Internet connection.

A video posted by Armis demonstrates how a Google Pixel can be compromised.

"In theory, to be safe on these devices, Bluetooth needs to be disabled until a patch is applied", said Mark James, an expert at cybersecurity firm ESET. What's more: "An attacker that would want to weaponize these exploits could achieve generic exploits with very little work".