Security firm Armis has identified a set of 8 zero-day bugs, collectively known as BlueBorne, which put Bluetooth-capable devices at risk of being compromised. The firm speculates the number of bugs might increase as their research continues.
Armis has tagged four of the vulnerabilities as critical. These bugs allow attackers to take control of users’ devices, steal confidential data, access corporate networks, perform remote code execution and MITM attacks, spread malware to nearby devices, and even penetrate “air-gapped” networks.
All of this can be done wirelessly, over the air (airborne), as Bluetooth is a wireless technology. That’s why the collection of attack vectors is called BlueBorne.
The list of affected hardware includes common devices such as smartphones, tablets, and PCs running operating systems like Android, iOS, Windows, and Linux, as well as various IoT devices. Bluetooth SIG estimates there are around 8.2 billion Bluetooth-compatible devices. So, potentially, almost every Bluetooth device is affected, according to the researchers.
Armis researchers have described BlueBorne in a detailed post. The security firm notes that the Bluetooth radio of the target device must be turned on for the attack to work. There is no need for the device to be paired with the attacker, and the attack works even if the target device is not discoverable.
BlueBorne’s ability to spread from one device to another over the air is dangerous, and it could even serve as the launchpad for the creation of large botnets like Mirai and WireX.
What devices are affected by BlueBorne?
“The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use,” the researchers write in the blog post.
Since April, the researchers have informed Google, Microsoft, Apple, Samsung, and the Linux Foundation and worked with them to roll out the fix. A coordinated public disclosure was made on September 12.
The vulnerability in the case of iOS devices is limited to iOS 9.3.5 and lower versions. For Apple TV, it’s 7.2.2 and lower. For iOS 10, no patch is required as the bug is already eliminated.
All Android devices, except the ones “only” using Bluetooth Low Energy, are affected by four vulnerabilities (CVE-2017-0781, CVE-2017-0782, CVE-2017-0785, CVE-2017-0783) that are a part of BlueBorne.
The bugs impact devices like Google Pixel, Samsung Galaxy, Pumpkin Car Audio System, etc. You can download the Armis BlueBorne Scanner app from Google Play to check if your Android device is affected.
While there is no mention of Android Oreo, Google has issued security patches for Android Nougat and Marshmallow as a part of the September Security Bulletin.
Windows versions released since Vista are affected by a vulnerability (CVE-2017-8628) called “Bluetooth Pineapple”. It can be used to perform MITM attacks.
Microsoft has released the fix through their Patch Tuesday update on September 12.
Currently, there is no patch available for Linux devices. The Linux kernel is at the heart of various operating systems, commonly known as Linux distributions.
The researchers say devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250). Linux devices released since October 2011 (3.3-rc1) are affected by the remote code execution bug (CVE-2017-1000251).
Examples of impacted devices include Samsung Gear S3, Samsung Smart TVs, and Samsung Family Hub.
How to protect my device from BlueBorne?
According to the researchers, BlueBorne vulnerabilities could spread in new ways. Thus, traditional security measures including firewalls, mobile data management, network security solutions, endpoint protection, etc. aren’t effective against such attacks, as they are mostly designed to counter internet-based threats.
The first and foremost thing you can do is update your device if the manufacturer has been kind enough to deliver the security patch.
Make sure that Bluetooth on your device isn’t enabled when not needed. Pay special attention while using Bluetooth on your phone, and be alert for suspicious activity.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.