BlueBorne Attack Could Be the Most Dangerous to Date
The BlueBorne attack vector, disclosed recently by Armis Labs, is worth paying attention to. It is the latest in a long list of security flaws, but it is considered one of the most dangerous attack vectors released to date: with an estimated 8 billion Bluetooth devices potentially exposed, it could be the largest attack surface ever disclosed.
It’s all around us – Bluetooth that is
BlueBorne spreads over the air using Bluetooth. An attacker, or an already compromised device, that is simply within Bluetooth radio range of a vulnerable device can compromise it without any user interaction, across a range of major operating systems including Windows, Linux, Android, and iOS versions prior to iOS 10.
Since many IoT devices run Linux, the exposed population also includes cameras, TVs, watches, printers, cars, home automation systems and even medical appliances.
An example attack scenario
If this attack were weaponised into a self-propagating worm, anyone you walked past on the street could be infected, and then anyone they walked past. Walk into your corporate offices and anyone near you would be infected, along with any vulnerable corporate devices using Bluetooth: printers, audio devices, cameras, projectors, laptops and phones.
This is comparable to a highly infectious airborne human virus spreading at an exponential rate, which gives an idea of how quickly a BlueBorne worm could propagate.
It works around the Bluetooth controls we all use
The attack relies on eight newly discovered security flaws in the Bluetooth implementations of these operating systems. It does not require the targeted device to be in discoverable mode, does not require pairing with the targeted device, and does not require the targeted user to authorise the Bluetooth connection. All the attacker needs is to be within radio range and to know the target's Bluetooth address, which can be sniffed from its Bluetooth traffic even when the device is not discoverable.
As we have seen repeatedly with ever more complex software, these vulnerabilities stem from the highly complex Bluetooth specification, which has led to flawed implementations by the big technology vendors, as well as from standard programming errors such as buffer overflows.
Armis Labs released an extremely detailed whitepaper with an in-depth analysis of the following vulnerabilities:
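The Linux kernel RCE in the BlueBorne set (CVE-2017-1000251) belongs to exactly the bug class the paragraph above describes: the kernel rebuilt a peer-supplied list of L2CAP configuration options into a fixed-size buffer without checking the output size. The following is an added example written for this page, not code from the article, from Armis, or from the Linux kernel. The L2CAP option wire format (one byte type, one byte length, value) is real; the two parser functions, the constant RSP_BUF_SIZE and the constructed peer payload are illustrative and not the kernel's own code.

```c
/*
 * Added example: the unchecked-output-buffer bug class behind the
 * BlueBorne Linux L2CAP RCE (CVE-2017-1000251), shown as a vulnerable
 * parser next to its hardened form. Function names, buffer sizes and the
 * packet contents are constructed for illustration (not kernel code).
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define RSP_BUF_SIZE 64   /* size the caller reserves for the rebuilt option list */

/* One L2CAP configuration option: 1-byte type, 1-byte length, value. */
struct l2cap_opt {
    uint8_t type;
    uint8_t len;
    const uint8_t *val;
};

/* Read the next option from a configuration response payload. Returns the
 * bytes consumed, or 0 when the input is exhausted or the option is truncated. */
static size_t next_opt(const uint8_t *in, size_t in_len, struct l2cap_opt *opt)
{
    if (in_len < 2)
        return 0;
    opt->type = in[0];
    opt->len  = in[1];
    if ((size_t)opt->len + 2 > in_len)
        return 0;                     /* truncated option: stop parsing */
    opt->val = in + 2;
    return (size_t)opt->len + 2;
}

/* VULNERABLE shape: echoes every received option into `out`, which the
 * caller sized at RSP_BUF_SIZE bytes, without ever checking that bound.
 * A peer that sends more option bytes than the buffer holds overruns it.
 * Returns the number of bytes written. */
size_t rebuild_options_unchecked(const uint8_t *in, size_t in_len, uint8_t *out)
{
    size_t used = 0, n;
    struct l2cap_opt o;
    while ((n = next_opt(in, in_len, &o)) != 0) {
        out[used++] = o.type;
        out[used++] = o.len;
        memcpy(out + used, o.val, o.len);
        used += o.len;
        in += n;
        in_len -= n;
    }
    return used;
}

/* HARDENED shape: the output capacity travels with the pointer and every
 * append is checked against it. Returns bytes written, or -1 when the peer's
 * option list would not fit (the caller should then reject the configuration). */
long rebuild_options_checked(const uint8_t *in, size_t in_len,
                             uint8_t *out, size_t out_len)
{
    size_t used = 0, n;
    struct l2cap_opt o;
    while ((n = next_opt(in, in_len, &o)) != 0) {
        if (out_len - used < n)       /* would overrun: refuse */
            return -1;
        out[used++] = o.type;
        out[used++] = o.len;
        memcpy(out + used, o.val, o.len);
        used += o.len;
        in += n;
        in_len -= n;
    }
    return (long)used;
}

/* Constructed peer payload: 7 options of type 1 (MTU), each 2 + 10 bytes,
 * 84 bytes in total, which is more than RSP_BUF_SIZE. */
size_t build_oversized_response(uint8_t *pkt, size_t pkt_len)
{
    size_t used = 0;
    for (int i = 0; i < 7 && used + 12 <= pkt_len; i++) {
        pkt[used++] = 0x01;           /* option type: MTU */
        pkt[used++] = 10;             /* option length, oversized on purpose */
        memset(pkt + used, 0x41, 10); /* filler value */
        used += 10;
    }
    return used;
}

int main(void)
{
    uint8_t pkt[128];
    size_t pkt_len = build_oversized_response(pkt, sizeof pkt);

    uint8_t big[256];                 /* oversized scratch so the demo itself stays safe */
    size_t wrote = rebuild_options_unchecked(pkt, pkt_len, big);
    printf("unchecked parser wrote %zu bytes into a buffer the caller sized at %d\n",
           wrote, RSP_BUF_SIZE);

    uint8_t rsp[RSP_BUF_SIZE];
    long r = rebuild_options_checked(pkt, pkt_len, rsp, sizeof rsp);
    printf("checked parser: %s\n", r < 0 ? "rejected oversize option list" : "ok");
    return 0;
}
```

The unchecked parser is run against a deliberately oversized scratch buffer so the demonstration itself does not corrupt memory; against a real 64-byte stack buffer the same input would overwrite whatever sits past it, which is the condition the BlueBorne Linux exploit builds on. The fix is not to trust the peer's option count but to carry the output capacity alongside the pointer and reject the configuration when it would not fit.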
- Linux kernel RCE vulnerability (L2CAP) - CVE-2017-1000251
- Linux Bluetooth stack (BlueZ) information leak vulnerability (SDP) - CVE-2017-1000250
- Android information leak vulnerability (SDP) - CVE-2017-0785
- Android RCE vulnerability #1 (BNEP) - CVE-2017-0781
- Android RCE vulnerability #2 (BNEP) - CVE-2017-0782
- The Bluetooth Pineapple in Android - logical flaw in the PAN profile allowing man-in-the-middle - CVE-2017-0783
- The Bluetooth Pineapple in Windows - logical flaw allowing man-in-the-middle - CVE-2017-8628
- Apple Low Energy Audio Protocol (LEAP) RCE vulnerability - CVE-2017-14315
The challenge of no common Bluetooth vulnerability
As the accompanying diagram shows, each of these vulnerabilities was found in a different layer of the Bluetooth stack of a different operating system. There is no single common Bluetooth vulnerability, only independent, operating-system-specific ones, which is why each platform needs its own patch.
The researchers also state that, given the highly complex nature of the Bluetooth specification and its outdated and missing details, these vulnerabilities may be only the tip of the iceberg for Bluetooth-related attacks.
The risks to organisations and individuals
Although, as far as we know, these flaws are not currently being exploited in the wild, the published whitepaper is detailed enough for an attacker to develop working exploits for the various vulnerabilities.
Depending upon the intention of the attacker, this could lead to:
- Major ransomware infections across mobile and desktop operating systems
- Identity theft through access to desktop and mobile phone apps and emails
- Two-factor authentication bypass via compromised phones with access to SMS
- Major security breaches or outages for any business, especially healthcare and critical-infrastructure systems that use Bluetooth, with the risk of health and safety impacts similar to those the WannaCry attack had on the UK health system
The steps to take to protect yourself
The simple answer is to disable Bluetooth on your devices if you aren’t using it.
If you do need Bluetooth, the major technology vendors have released security patches for these vulnerabilities, so in most cases installing the latest security updates should protect you. Microsoft shipped its fix in the July 2017 updates, Apple fixed the LEAP flaw in iOS 10, and the Linux fixes are in patched kernels and BlueZ packages from your distribution.
Although Google has released patches for Android in the September 2017 security bulletin (security patch level 2017-09-05 or later, visible under Settings > About phone), it is up to each hardware manufacturer to integrate and distribute them to end users. This can be a slow process, so don't assume that your update is already available, or that it will be distributed at all.
You may also need to manually upgrade other Bluetooth-enabled devices, such as printers, cameras, home routers, entertainment systems and any IoT device in your home or office; where no firmware update exists, disabling Bluetooth on that device is the only mitigation.
Comments
Managing Director at Threat Intelligence Pty Ltd, 7 years ago: E.g.:
Managing Director at Threat Intelligence Pty Ltd, 7 years ago: https://play.google.com/store/apps/details?id=com.armis.blueborne_detector&hl=en
Managing Director at Threat Intelligence Pty Ltd, 7 years ago: They have released an Android app to detect your own vulnerability and also vulnerable devices around you.