What is BlueBorne?
IoT security company Armis described "BlueBorne" as a collection of Bluetooth implementation flaws in multiple operating systems (OS), including Android, Linux, iOS, and Windows. If successfully exploited, they let an attacker remotely take control of the device and, because the flaws are exploitable over the air, spread from one Bluetooth-enabled device to the next. An attacker exploiting BlueBorne may be able to run malicious code, steal information, and perform Man-in-the-Middle attacks.
Armis identified a set of eight zero-day bugs, collectively known as the BlueBorne vulnerabilities:
CVE-2017-1000251: a remote code execution (RCE) vulnerability in Linux kernel
CVE-2017-1000250: an information leak flaw in Linux’s Bluetooth stack (BlueZ)
CVE-2017-0785: an information disclosure flaw in Android
CVE-2017-0781: an RCE vulnerability in Android
CVE-2017-0782: an RCE flaw in Android
CVE-2017-0783: a Man-in-the-Middle (MitM) vulnerability in Android's Bluetooth PAN profile, nicknamed "Bluetooth Pineapple"
CVE-2017-8628: the same "Bluetooth Pineapple" MitM flaw in Windows' Bluetooth implementation
CVE-2017-14315: an RCE vulnerability in Apple's Low Energy Audio Protocol (LEAP)
All of this happens wirelessly, over the air (hence "airborne"), which is why the collection of attack vectors is called BlueBorne. According to the researchers, almost all Bluetooth devices can be affected by these vulnerabilities. The target's Bluetooth radio must be turned on for the attack to work, but it works even if the device is not discoverable, and it does not require pairing with the attacker.
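To make the headline Linux kernel bug in the list above concrete, here is an added example, not code from Armis or from the kernel, that models the pattern behind CVE-2017-1000251: the kernel's L2CAP configuration-response parser echoed peer-supplied options into a 64-byte stack buffer without knowing how much room was left, so a peer that repeats the 16-byte EFS option a few times writes past the buffer; the upstream fix threaded an end pointer into the append routine and checked every write against it. The function names, the reduced option grammar and the sample option lists below are our own constructions.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model of the L2CAP config-option handling behind CVE-2017-1000251.
 * Added example, not kernel code: the real functions are l2cap_parse_conf_rsp()
 * and l2cap_add_conf_opt() in net/bluetooth/l2cap_core.c; names here are ours. */

#define CONF_RSP_BUF 64    /* the kernel built the reply in a 64-byte stack buffer */
#define OPT_HDR_LEN  2     /* option = type(1) | length(1) | value(length) */
#define OPT_EFS      0x06  /* Extended Flow Specification option, 16-byte value */
#define OPT_EFS_LEN  16

/* Next option from a peer-supplied list: 1 = option, 0 = end, -1 = malformed. */
static int get_conf_opt(const uint8_t **p, const uint8_t *end,
                        uint8_t *type, uint8_t *olen, const uint8_t **val)
{
    size_t left = (size_t)(end - *p);
    if (left == 0) return 0;
    if (left < OPT_HDR_LEN) return -1;
    *type = (*p)[0] & 0x7f;                  /* bit 7 is the "hint" flag */
    *olen = (*p)[1];
    if (left - OPT_HDR_LEN < *olen) return -1;
    *val = *p + OPT_HDR_LEN;
    *p += OPT_HDR_LEN + *olen;
    return 1;
}

/* Append one option to the reply. endptr == NULL reproduces the pre-fix code,
 * which had no idea where the buffer ended; the upstream fix added the endptr
 * argument and this check (the kernel skips the option, this model reports -1). */
static int add_conf_opt(uint8_t **ptr, const uint8_t *endptr,
                        uint8_t type, uint8_t olen, const uint8_t *val)
{
    if (endptr && (size_t)(endptr - *ptr) < (size_t)OPT_HDR_LEN + olen)
        return -1;
    (*ptr)[0] = type; (*ptr)[1] = olen;
    memcpy(*ptr + OPT_HDR_LEN, val, olen);
    *ptr += OPT_HDR_LEN + olen;
    return 0;
}

/* Echo every recognised option (types 1..6) from `rsp` back into `out`.
 * endptr == NULL is the VULNERABLE caller (no bound); out + size is the HARDENED one.
 * Returns bytes written, or -1 if the list is malformed or the reply is full. */
int echo_conf_opts(const uint8_t *rsp, size_t len, uint8_t *out, const uint8_t *endptr)
{
    const uint8_t *p = rsp, *end = rsp + len, *val;
    uint8_t *ptr = out, type, olen;
    int r;
    while ((r = get_conf_opt(&p, end, &type, &olen, &val)) == 1) {
        if (type < 0x01 || type > OPT_EFS) continue;
        if (add_conf_opt(&ptr, endptr, type, olen, val) < 0) return -1;
    }
    return r < 0 ? -1 : (int)(ptr - out);
}

/* Constructed sample input: `count` back-to-back EFS options, 18 bytes each. */
static size_t build_efs_flood(uint8_t *buf, size_t bufsize, int count)
{
    size_t n = 0;
    for (int i = 0; i < count && n + OPT_HDR_LEN + OPT_EFS_LEN <= bufsize; i++) {
        buf[n++] = OPT_EFS;
        buf[n++] = OPT_EFS_LEN;
        memset(buf + n, 0x41, OPT_EFS_LEN);  /* arbitrary EFS payload */
        n += OPT_EFS_LEN;
    }
    return n;
}

/* A normal reply (constructed MTU + flush-timeout options) fits: returns 8. */
int scenario_benign(void)
{
    static const uint8_t rsp[] = { 0x01, 0x02, 0xF7, 0x02,    /* MTU 0x02F7 */
                                   0x02, 0x02, 0xFF, 0xFF };  /* flush timeout */
    uint8_t out[CONF_RSP_BUF];
    return echo_conf_opts(rsp, sizeof rsp, out, out + sizeof out);
}

/* Five EFS options through the unbounded echo: 90 bytes, i.e. 26 past a 64-byte
 * buffer. A 256-byte backing array keeps this demonstration itself in bounds. */
int scenario_flood_unbounded(void)
{
    uint8_t rsp[128], out[256];
    size_t len = build_efs_flood(rsp, sizeof rsp, 5);
    return echo_conf_opts(rsp, len, out, NULL);
}

/* The same five options against a real 64-byte buffer with the fix: refused (-1). */
int scenario_flood_bounded(void)
{
    uint8_t rsp[128], out[CONF_RSP_BUF];
    size_t len = build_efs_flood(rsp, sizeof rsp, 5);
    return echo_conf_opts(rsp, len, out, out + sizeof out);
}
```

The only difference between the vulnerable and the hardened path is whether the append routine is told where the buffer ends; that is also the shape of the kernel fix, which is why the three scenario functions share one parser.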
What is the risk?
The BlueBorne attack vector has several characteristics that, combined, make it particularly dangerous. By spreading through the air, it targets a weak spot in a network's defences: the Bluetooth interface, which is not protected by the usual security controls. It is highly contagious, spreading from device to device over the air. And because the Bluetooth process runs with high privileges on every major operating system, exploiting it gives the attacker practically total control of the machine.
This set of capabilities is very attractive to an attacker. BlueBorne can serve any malicious purpose: building large botnets out of IoT devices, as the Mirai botnet did, or out of mobile devices, as the WireX botnet (discovered in August 2017) did; data theft; ransomware; and cyber espionage. It can also breach "air-gapped" networks that are physically cut off from external networks such as the internet, something most other attack vectors cannot do.
How can BlueBorne attack Bluetooth-enabled devices?
The attacker starts by locating active Bluetooth devices nearby. Devices can be found even with "discoverable" mode turned off, for example by sniffing Bluetooth traffic for the addresses in use, and the attacker thereby obtains the device's Bluetooth MAC address, which uniquely identifies it. Next, the attacker probes the device to determine which operating system it runs and selects the exploit for that platform. From there, the attacker can either mount a Man-in-the-Middle attack and control the device's communications, or take complete control of the device and use it for other criminal activity.
However, some conditions must be met to exploit these vulnerabilities:
Bluetooth must be on.
The attacker must be within Bluetooth range of the target (typically about 10 meters).
The exploit must match the target's platform or OS; there is no single exploit that works against all devices.
What Is New About BlueBorne?
BlueBorne gives attackers immediate, total control. Bluetooth has also received far less scrutiny from the research community than Wi-Fi, and its larger attack surface means it harbours many more vulnerabilities. Airborne attacks offer the attacker several advantages. First, spreading through the air makes the attack more contagious and easier to propagate. Second, it lets the attack bypass existing security measures and go unnoticed, because conventional controls are not designed to defend against airborne threats. And unlike typical malware, the user does not need to click a link or download a suspicious file: the attack requires no user interaction at all.
Bluetooth is a difficult protocol to implement, which makes it prone to two kinds of flaws. On the one hand, vendors tend to follow the specification's implementation guidance closely, so a defect found on one platform may well exist on others; the "identical twins" CVE-2017-8628 and CVE-2017-0783 (the Windows and Android MitM flaws) are exactly such mirrored vulnerabilities. On the other hand, parts of the specification leave too much room for interpretation, which produces fragmented implementations across platforms, each likely to carry its own security flaws.
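The two information leaks in the list, CVE-2017-1000250 in BlueZ and CVE-2017-0785 in Android, are another mirrored pair: both SDP servers trusted the continuation state that a client hands back to fetch the next chunk of a large response, and used it to index the cached response without checking it, so a crafted continuation state made the server copy adjacent process memory into its reply. The added example below is our own code, not BlueZ's or AOSP's, and reduces the continuation state to a byte offset into the cache; the arena layout and the "secret" bytes behind the cached response are constructed to stand in for neighbouring heap memory.

```c
#include <stdint.h>
#include <string.h>

/* Model of the SDP continuation-state handling behind CVE-2017-1000250 (BlueZ)
 * and CVE-2017-0785 (Android). Added example, not BlueZ or AOSP code; function
 * names are ours. A response too large for one PDU is cached by the server and
 * handed out in chunks; the client fetches the next chunk by returning the
 * continuation state it was given, modelled here as a byte offset into the cache. */

#define CACHE_LEN 32
#define ARENA_LEN 64

/* Constructed memory layout: the cached response is followed, as it would be
 * on a real heap, by unrelated data that must never reach a client. */
static uint8_t arena[ARENA_LEN];

static void setup_arena(void)
{
    memset(arena, 0xAA, CACHE_LEN);                      /* cached SDP response */
    memcpy(arena + CACHE_LEN, "SECRET-NEIGHBOUR-DATA-0123456789",
           ARENA_LEN - CACHE_LEN);                       /* 32 bytes, no NUL copied */
}

/* VULNERABLE: the client-controlled offset is used as-is. cache_len is passed
 * but never consulted, which is the whole bug. Returns bytes copied. */
int sdp_cont_chunk_unchecked(const uint8_t *cache, size_t cache_len,
                             uint16_t cont_offset, uint16_t max_bytes, uint8_t *out)
{
    (void)cache_len;
    memcpy(out, cache + cont_offset, max_bytes);
    return max_bytes;
}

/* HARDENED: a continuation state that does not point inside the cache is stale
 * or forged and is refused; a legitimate one is clamped to what is left.
 * Returns bytes copied, or -1. */
int sdp_cont_chunk_checked(const uint8_t *cache, size_t cache_len,
                           uint16_t cont_offset, uint16_t max_bytes,
                           uint8_t *out, size_t out_size)
{
    if (cont_offset >= cache_len) return -1;
    size_t left = cache_len - cont_offset;
    size_t n = max_bytes < left ? max_bytes : left;
    if (n > out_size) return -1;
    memcpy(out, cache + cont_offset, n);
    return (int)n;
}

/* Forged continuation: offset == CACHE_LEN (just past the cached response),
 * 16 bytes requested. Returns 1 if the unchecked handler leaked neighbour data. */
int scenario_unchecked_leaks(void)
{
    uint8_t out[64];
    setup_arena();
    int n = sdp_cont_chunk_unchecked(arena, CACHE_LEN, CACHE_LEN, 16, out);
    return n == 16 && memcmp(out, "SECRET-NEIGHBOUR", 16) == 0;
}

/* The same forged continuation against the checked handler: refused (-1). */
int scenario_checked_refuses(void)
{
    uint8_t out[64];
    setup_arena();
    return sdp_cont_chunk_checked(arena, CACHE_LEN, CACHE_LEN, 16, out, sizeof out);
}

/* A legitimate second chunk (offset 16, client asks for up to 64 bytes): the
 * checked handler returns the 16 bytes that remain, all of them from the cache. */
int scenario_checked_legit(void)
{
    uint8_t out[64];
    setup_arena();
    int n = sdp_cont_chunk_checked(arena, CACHE_LEN, 16, 64, out, sizeof out);
    for (int i = 0; i < n; i++)
        if (out[i] != 0xAA) return -1;
    return n;
}
```

The general rule the hardened handler applies is the one both fixes converge on: anything the client echoes back as "state" is attacker input and must be re-validated against the server's own record of what it sent, not used as an index.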
What Devices Are Affected?
Four of the vulnerabilities are in Android and affect all Android phones, tablets, and wearables, except devices that use only Bluetooth Low Energy. All Windows versions since Windows Vista are affected by the "Bluetooth Pineapple" vulnerability, which lets an attacker mount a Man-in-the-Middle attack (CVE-2017-8628). All Linux devices running BlueZ are affected by the information leak (CVE-2017-1000250), and Linux devices running kernel 3.3-rc1 or later are affected by the kernel remote code execution flaw (CVE-2017-1000251). The remote code execution vulnerability in Apple's LEAP affects all iPhone, iPad, and iPod touch devices running iOS 9.3.5 or earlier, and Apple TV devices running version 7.2.2 or earlier (CVE-2017-14315); Apple had already addressed it in iOS 10, so devices on iOS 10 or later need no additional fix.
Securing against BlueBorne
The researchers point out that BlueBorne spreads by a new, airborne route, so standard security measures, which are designed mainly to counter internet-borne threats, are ineffective against it. Examples of such controls include firewalls, mobile device management, network security solutions, and endpoint protection.
Updating and patching the OS reduces the risk of attacks that exploit these vulnerabilities. Follow safe mobile-device usage practices, and enforce stricter patch management at work. Until a device is patched, keep Bluetooth off by default and turn it on only when needed; this costs nothing. Because Android updates are fragmented on everything except Nexus and Pixel devices, users should check with their device maker whether a fix is available.
Android users can also check their devices with Armis's BlueBorne Vulnerability Scanner app from the Google Play Store.
Technology benefits us, but using it carelessly is risky, so it is always advisable to turn off features that are not in use. BlueBorne is a striking example of how much such negligence can cost.