Billions of devices impacted by new Bluetooth attack

EnlargeFord Asia Pacific

Once attackers are able to penetrate a device using BlueBorne, they can take full control of the devices and laterally spread this malware to adjacent devices with Bluetooth enabled.

"We found the BlueBorne vulnerabilities somewhat by accident while we were doing research on wireless security, Izrael said". And devices running Bluetooth turn out to be fairly easy to identify with network sniffing tools, even when set to be non-discoverable.

The researchers rated three of the flaws they found as critical as they allowed attackers to take over devices, conduct man-in-the-middle attacks or intercept communications over Bluetooth.

Other attacks would allow attackers to remotely execute malicious code on the device, which could be used to hijack or corrupt a Bluetooth-enabled device. The vulnerabilities found in Wi-Fi chips affect only the peripherals of the device, and require another step to take control of the device. Bluetooth itself limits the bug even further: Blueborne can only target devices within range of the hackers, and only devices with Bluetooth turned on.

Armis, which has a commercial stake in the IoT security space, warned that the attack vector can be exploited silently. For example, a delivery person dropping a package at a bank could carry weaponized code on a BlueTooth-enabled device. BlueBorne is highly infectious as it spreads further via the victim devices. The researchers reported them to Google, Microsoft, and Apple in April and to Linux Maintainers in August. Armis added that over 180 million Android devices will never see this patch since they are no longer supported.

According to Armis Labs, BlueBorne not only affects billions of smartphones, desktops, sound systems, and medical devices, but it requires no action from users. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device. The iOS flaw does not have identifiers at the moment.

All Android phones, tablets, and wearables, apart from those using only Bluetooth Low Energy, are potentially vulnerable to the four Android flaws.

"In theory, to be safe on these devices, Bluetooth needs to be disabled until a patch is applied", said Mark James, an expert at cybersecurity firm ESET. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here. Microsoft said Windows phones are not impacted by BlueBorne. Izrael said he expects Linux maintainers to release a fix soon.

Linux devices running BlueZ are affected by the information leak flaw and those from version 3.3-rc1, released in October 2011, are affected by the remote code execution flaw. Samsung's Tizen OS, based on Linux, is also affected. BlueBorne was patched in iOS 10. ZDNet's own testing, using Armis' app to check local and nearby Android devices for the vulnerabilities, shows several BlackBerry phones are at risk, as well as other Android devices.

Apple fixed the vulnerability for its devices with an update to iOS 10, which 89 percent of all iOS device users have updated to.

A technical report on the BlueBorne flaws is available here.

Devices with Bluetooth enabled are constantly searching for other Bluetooth devices, which can allow an attacker to use the BlueBorne vulnerability to connect to it without having to pair with said device.

Seri added that in his view over the last decade the research community has not spent a lot of time looking at Bluetooth flaws.

Related:

Comments

Latest news

Why There's Much More To Come From Paul Pogba At Manchester United
The France worldwide played just 19 minutes at Old Trafford after pulling his left hamstring in a challenge with Mohamed Elyounoussi.

JPMorgan's Dimon calls bitcoin a 'fraud'
Banks have avoided getting involved in bitcoin because of those types of connections to illegal online activity and money laundering.

Rohingya violence a 'textbook example of ethnic cleansing,' United Nations rights chief says
In response, the military unleashed what it called "clearance operations" to root out the insurgents. Dhaka's Buddhist community also protested Myanmar's treatment of the Rohingyas.

Toronto hydro crews en route to Florida in wake of Irma
Pacific Gas & Electric crews started to restore power to Florida Power & Light Customer following Hurricane Irma. Pictured: Gulf Power crews roll out of their Pine Forest Road office Tuesday morning for Tampa.

Marathon Oil Stock Remained Flat Last Week
The stock of Marathon Oil Corporation (NYSE:MRO) earned "Outperform" rating by Howard Weil on Wednesday, February 1. The stock of Marathon Petroleum Corp (NYSE:MPC) has "Buy" rating given on Thursday, July 27 by RBC Capital Markets.

Other news