BlueBorne Vulnerability : Everything You Need to Know

                                                         

                           

What is BlueBorne?

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.

                                                           

BlueBorne is a class of security vulnerabilities in the Bluetooth implementations of Android, iOS, Linux and Windows. It affects many electronic devices such as laptops, smart cars, smartphones and wearable gadgets. One example is CVE-2017-14315. The vulnerabilities were first reported by Armis, an IoT security firm, on 12 September 2017. According to Armis, "The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today."

The BlueBorne vulnerabilities are a set of 8 separate vulnerabilities. They can be broken down into groups based upon platform and type. There were vulnerabilities found in the Bluetooth code of the Android, iOS, Linux and Windows platforms:

  • Linux kernel RCE vulnerability - CVE-2017-1000251
  • Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-1000250
  • Android information Leak vulnerability - CVE-2017-0785
  • Android RCE vulnerability #1 - CVE-2017-0781
  • Android RCE vulnerability #2 - CVE-2017-0782
  • The Bluetooth Pineapple in Android (logical flaw) - CVE-2017-0783
  • The Bluetooth Pineapple in Windows (logical flaw) - CVE-2017-8628
  • Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315

The vulnerabilities are a mixture of information leak vulnerabilities, remote code execution vulnerabilities and logical flaws. The Apple iOS vulnerability was a remote code execution vulnerability in the implementation of LEAP (Low Energy Audio Protocol). This vulnerability was only present in older versions of Apple iOS.

What is the risk?

The BlueBorne attack vector has several qualities which can have a devastating effect when combined. By spreading through the air, BlueBorne targets the weakest spot in the networks’ defense – and the only one that no security measure protects. Spreading from device to device through the air also makes BlueBorne highly infectious. Moreover, since the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device.

Unfortunately, this set of capabilities is extremely desirable to a hacker. BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices like the Mirai Botnet or mobile devices as with the recent WireX Botnet. The BlueBorne attack vector surpasses the capabilities of most attack vectors by penetrating secure “air-gapped” networks which are disconnected from any other network, including the internet.

How to Protect Yourself?

Android

All Android phones, tablets, and wearables (except those using only Bluetooth Low Energy) of all versions are affected by four vulnerabilities found in the Android operating system, two of which allow remote code execution (CVE-2017-0781 and CVE-2017-0782), one results in information leak (CVE-2017-0785) and the last allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-0783).

Examples of impacted devices:

  • Google Pixel
  • Samsung Galaxy
  • Samsung Galaxy Tab
  • LG Watch Sport
  • Pumpkin Car Audio System

Google has issued a security update patch and notified its partners. It was available to Android partners on August 7th, 2017, and made available as part of the September Security Update and Bulletin on September 4, 2017. We recommend that users check that Bulletin for the latest and most accurate information. Android users should verify that they have the September 9, 2017 Security Patch Level.

Note to Android users: To check if your device is at risk or if the devices around you are at risk, download the Armis BlueBorne Scanner App on Google Play.

Windows
All Windows computers since Windows Vista are affected by the “Bluetooth Pineapple” vulnerability which allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-8628).

Microsoft has issued security patches to all supported Windows versions on July 11, 2017, with coordinated notification on Tuesday, September 12. We recommend that Windows users check the Microsoft release here for the latest information.

Linux
Linux is the underlying operating system for a wide range of devices. The most commercial and consumer-oriented platform based on Linux is the Tizen OS.

  • All Linux devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250).
  • All Linux devices from version 2.6.32 (released in July 2009) until version 4.14 are affected by the remote code execution vulnerability (CVE-2017-1000251).

Examples of impacted devices:

  • Samsung Gear S3 (Smartwatch)
  • Samsung Smart TVs
  • Samsung Family Hub (Smart refrigerator)

Patches to Linux vulnerabilities have been pushed to the upstream projects. The information leak vulnerability was patched here, and the remote code execution was patched here. Linux distributions have started to push updates as well; please look for specific updates made by your distribution.

iOS
All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability (CVE-2017-14315). This vulnerability was already mitigated by Apple in iOS 10, so no new patch is needed to mitigate it. We recommend you upgrade to the latest iOS or tvOS available.

If you are concerned that your device may not be patched, we recommend disabling Bluetooth, and minimizing its use until you can confirm a patch is issued and installed on your device.
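
To see which devices in an inventory need that follow-up, the sketch below applies the Linux, iOS and Apple TV version criteria given above. It is an added example, not code from Armis or any vendor; the hostnames and inventory rows are constructed, and reading "until version 4.14" as an exclusive upper bound is an assumption.

```python
import re

# Criteria as stated on this page; backported distro fixes are not visible here.
LINUX_RCE_MIN = (2, 6, 32)    # first affected kernel version
LINUX_RCE_END = (4, 14, 0)    # assumption: "until 4.14" read as exclusive
APPLE_MAX = {"ios": (9, 3, 5), "tvos": (7, 2, 2)}   # "... and lower"

def parse_version(text):
    """'3.10.0-693.el7.x86_64' -> (3, 10, 0); ValueError if no leading number."""
    m = re.match(r"\s*(\d+(?:\.\d+){0,2})", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def blueborne_cves(platform, version, uses_bluez=False):
    """Return the CVEs whose page-stated criteria match this device."""
    v = parse_version(version)
    hits = []
    if platform == "linux":
        if uses_bluez:                       # page: all devices running BlueZ
            hits.append("CVE-2017-1000250")
        if LINUX_RCE_MIN <= v < LINUX_RCE_END:
            hits.append("CVE-2017-1000251")
    elif platform in APPLE_MAX and v <= APPLE_MAX[platform]:
        hits.append("CVE-2017-14315")
    return hits

# Constructed inventory: (host, platform, version string, uses BlueZ)
INVENTORY = [
    ("kiosk-01", "linux", "3.10.0-693.el7.x86_64", True),
    ("build-07", "linux", "4.15.0-20-generic", False),
    ("old-nas", "linux", "2.6.18-398.el5", True),
    ("ipad-lobby", "ios", "9.3.5", False),
    ("iphone-42", "ios", "10.3.3", False),
    ("appletv-3", "tvos", "7.2.2", False),
]

def triage(inventory):
    """Map each host to the list of CVEs that need follow-up."""
    return {host: blueborne_cves(p, v, bz) for host, p, v, bz in inventory}

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(f"{host:12} {', '.join(cves) or 'no version match'}")
```

A match means "confirm the patch or disable Bluetooth", not "confirmed vulnerable": distributions backport fixes without changing the base kernel version, so check the distribution's advisory for any flagged Linux host.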

Amazon Echo and Google Home
These devices were identified as impacted by BlueBorne. 


Thanks For Reading!!
Be Safe, Secure & Updated...

str1ng.exe

I am a student :) Front End Web Developer Learning Penetration Testing, Nodejs, Python and C++. Contact me on Discord - str1ng.exeˢᵖʸ#1337
