A New Bluetooth Wireless Attack Vector Discovered Called “BlueBorne”
Armis Labs have just released details about a new way for malware to take control of our Android devices, and have called it “BlueBorne.” As the name might suggest, this new way to hack our devices occurs via Bluetooth. However, BlueBorne is not just an Android vulnerability; it impacts iOS, Windows, and Linux. This of course means smartphones, tablets, laptops, desktops and more. Armis Labs has already informed the respective teams responsible for patching the vulnerability and is working with companies to ensure things are secured. So many different platforms are vulnerable to the same issue because Bluetooth is considered a “difficult protocol” to implement in devices. This means software designers tend to follow the guidelines to the letter, so the same issue or vulnerability can crop up across multiple platforms. Armis Labs also explain that in some respects, the Bluetooth specification documents leave much room for interpretation, which means individual developers can employ their own techniques, introducing very specific vulnerabilities into different devices.
Looking through the detail of the BlueBorne vulnerability, it has some scary-sounding abilities. There are an estimated 8 billion or more devices with Bluetooth in use around the world, and a huge majority of these are believed to be vulnerable to BlueBorne. The BlueBorne attack vector does not need the victim machine to be paired with the attacker, nor does it need discoverable mode to be enabled. Machines can be disconnected from all other networks but still be vulnerable. And once it gains a foothold, the BlueBorne vulnerability can be used to force the target computer to run code. Because BlueBorne uses the Bluetooth part of the respective victim machine, this gives it a default high privilege, and that means the vulnerability can quickly take “virtually full control” of the device. As such, a device could quickly and silently be used for malicious purposes, including spreading the attack to other devices with an active Bluetooth radio. Check out the demonstration video here:
Armis Labs’ concern is that traditionally “air gapped” devices (that is, computers not connected to the Internet) are potentially vulnerable to the BlueBorne issue. This means industrial control systems, government agencies and other critical equipment: if it has a Bluetooth radio, it could be attacked.
Armis Labs contacted Google about the vulnerability on April 19, 2017, and Google patched Android to nullify the vulnerabilities in the September 2017 patch. Armis Labs has introduced a BlueBorne vulnerability app in the Google Play Store for customers to check their devices. Apple and Microsoft have also patched the vulnerability. Apple fixed the issue in iOS 10 but did not tell anybody – thanks Apple. Apple devices running iOS 9.3.5 or older are vulnerable, and Apple does not patch older devices. Interestingly, Armis Labs also contacted Samsung on three occasions (April, May and June) but did not receive a response to any of these attempts – thanks Samsung.
If you are using an old Android device that is no longer supported, what can you do? Ultimately, you can either decide to upgrade, or resort to keeping Bluetooth disabled when you don’t need it.