BlueBorne: Bluetooth Vulnerabilities Expose Billions of Devices to Hacking

September 13, 2017

Using a Bluetooth-enabled device? You might want to check if you're leaving the Bluetooth connection turned on. Regardless if it's a laptop, smartphone or any Internet of Things (IoT) device, they may be vulnerable to malware attacks that can remotely hijack them—without requiring user interaction. 

What is BlueBorne?

IoT security firm Armis detailed what they've named “BlueBorne,” a set of vulnerabilities in the implementation of Bluetooth in various operating systems (OS): Android, Linux, iOS, and Windows. If successfully exploited, they can enable attackers to remotely hijack the device. The security flaws can also let attackers jump from one Bluetooth-enabled device to another. Exploiting BlueBorne could allow an attacker to execute malicious code, steal data, and carry out Man-in-the-Middle attacks. 

BlueBorne is a bevy of the following vulnerabilities:

  • CVE-2017-1000251: a remote code execution (RCE) vulnerability in Linux kernel
  • CVE-2017-1000250: an information leak flaw in Linux’s Bluetooth stack (BlueZ)
  • CVE-2017-0785: an information disclosure flaw in Android
  • CVE-2017-0781: an RCE vulnerability in Android
  • CVE-2017-0782: an RCE flaw in Android
  • CVE-2017-0783: an MitM attack vulnerability in Android’s Bluetooth Pineapple
  • CVE-2017-8628: a similar MitM flaw in Windows’ Bluetooth implementation
  • CVE-2017-14315: an RCE vulnerability via Apple’s Low Energy Audio Protocol

How can BlueBorne attack Bluetooth-enabled devices?

The security researchers who uncovered BlueBorne estimate that 5.3 billion devices with Bluetooth capabilities are affected. Bluetooth, a specification for wireless connection, is used almost everywhere—it’s integrated into over 8.2 billion devices that stream multimedia content, transmit data, and broadcast information between electronic devices. 

BlueBorne demonstrates airborne cyberattacks. An attacker can sniff, intercept or redirect the traffic between Bluetooth-enabled devices to access their data, for instance. Armis explained in their analysis, “By probing the device, the attacker can determine which operating system his victim is using, and adjust his exploit accordingly. The attacker will then exploit a vulnerability in the implementation of the Bluetooth protocol in the relevant platform and gain the access he needs to act on his malicious objective.” 

However, certain conditions have to be met before these vulnerabilities can be exploited:

  • Bluetooth must be enabled
  • The attacker must be within the Bluetooth-enabled device’s range (typically 10 meters)
  • The attack will vary per platform or OS, so having a single exploit that can target all devices is unlikely

What can you do?

Several patches are available addressing the vulnerabilities. Microsoft has released one for CVE-2017-8628 as part of their September Patch Tuesday. Google also addressed CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 through their Android Security Bulletin for September. iOS 9.3.5 and AppleTV devices with version 7.2.2 and lower are affected—released in August and December 2016, respectively—but those running iOS 10 are immune from CVE-2017-14315. Updates are now underway for the flaws identified in Linux. 

Patching and keeping the OS updated help mitigate attacks that may weaponize these vulnerabilities. Adopt best practices for mobile safety. Enforce more robust patch management policies in the workplace. If you haven’t patched your device yet, it won’t hurt to turn Bluetooth off by default and use it only when needed. Note that apart from Nexus and Pixel, updates on Android devices are fragmented, so users need to check with their manufacturer for their availability.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.