BlueBorne- A New Attack Vector – Security researchers over at Armis Labs have published a detailed technical whitepaper detailing a severe vulnerability that can, potentially, leave billions of Bluetooth-enabled devices susceptible to remote code execution and MiTM (Man-in-The-Middle) attacks. So in case you are already intrigued about BlueBorne, here’s what you need to know about it so that you don’t end up becoming an unwitting victim of cyber-crime:
What is BlueBorne?
Simply put, BlueBorne is an attack vector that can allow cyber criminals to use Bluetooth connections to silently take control of targeted devices without any action whatsoever on part of the victim. What’s really disconcerting is that for a device to be compromised, it doesn’t have to be paired to the attacker’s device, nor does it even need to be set to ‘discoverable’ mode. As many as eight separate zero-day vulnerabilities (including four critical ones) can be used to hack into most Bluetooth devices in use today, irrespective of the operating system. What that means in essence, is that over 5 billion Bluetooth-enabled devices from around the world are potentially vulnerable from this massive security loophole that was detailed earlier this week by IoT-focused security research firm, Armis Labs. According to the technical whitepaper published by the company, BlueBorne is particularly dangerous not only because of its massive scale, but because the loopholes actually facilitate remote code execution as well as Man-in-The-Middle attacks.
What devices are affected from BlueBorne?
“The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use,” the researchers write in the blog post.
Since April, the researchers have informed Google, Microsoft, Apple, Samsung, and the Linux Foundation and worked with them to roll out the fix. A coordinated public disclosure was made on September 12.
The vulnerability in the case of iOS devices is limited to iOS 9.3.5 and lower versions. For Apple TV, it’s 7.2.2 and lower. For iOS 10, no patch is required as the bug is already eliminated.
All Android devices, except the ones “only” using Bluetooth Low Energy, are affected by four vulnerabilities (CVE-2017-0781, CVE-2017-0782, CVE-2017-0785, CVE-2017-0783) that are a part of BlueBorne.
The bugs impact devices like Google Pixel, Samsung Galaxy, Pumpkin Car Audio System, etc. You can download the Armis BlueBorne Scanner app from Google Play to check if your Android device is affected.
While there is no mention of Android Oreo, Google has issued security patches for Android Nougat and Marshmallow as a part of the September Security Bulletin.
Windows versions released since Vista are affected by vulnerability (CVE-2017-8628) called “Bluetooth Pineapple”. It can be used to perform MITM attacks.
Microsoft has released the fix through their Patch Tuesday update on September 12.
Linux (now this is shocking!!)
Currently, there is no patch available for Linux devices where the Linux kernel is at heart of various operating systems, commonly known as Linux distributions.
The researchers say the ones running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250). Linux devices released since October 2011 (3.3-rc1) are affected by the remote code execution bug (CVE-2017-1000251).
How Can Hackers Exploit the BlueBorne Security Vulnerability?
BlueBorne is a highly infectious airborne attack vector that has the potential to spread from device to device through air, which means a single compromised device can, in theory, infect dozens of devices around it. What makes users especially vulnerable to the threat is the high level of privileges that Bluetooth run with on all operating systems, allowing attackers to have virtually full control over compromised devices. Once in control, cyber criminals can use these devices to serve any of their nefarious objectives, including cyber espionage and data theft. They can also remotely install ransomware or incorporate the device as part of a large botnet to carry out DDoS attacks or commit other cyber crimes. According to Armis, “The BlueBorne attack vector surpasses the capabilities of most attack vectors by penetrating secure “air-gapped” networks which are disconnected from any other network, including the internet”.
How to Protect your Bluetooth-Enabled Device From BlueBorne?
Microsoft released the BlueBorne security patch for its operating systems on July 11, so as long as you have automatic updates enabled or have manually updated your PC in the past couple of months and installed all the latest security patches, you should be safe from these threats.
If you’re using iOS 10 on your device, you should be fine, but if you’re stuck on earlier versions of the operating system (version 9.3.5 or older), your device is vulnerable until Apple releases a security patch to fix the problem.
Google released the BlueBorne fixes to its OEM partners on August 7th, 2017. The patches were also made available to users around the world as part of the September Security Update Bulletin, which was officially released on the 4th of this month. So if you’re using an Android device, go over to Settings > About Device > System Updates to check if your vendor has yet rolled out the September 2017 security patch for your device. If so, install it promptly to keep yourself and your Android device safe from BlueBorne.
If you’re running any Linux distro on your PC or using a Linux kernel-based platform like Tizen on your IoT / connected devices, you might have to wait a tad longer for the fix to filter through because of the coordination required between the Linux kernel security team and the security teams of the various independent distros. If you have the requisite technical knowhow, though, you can patch and rebuild the BlueZ and the kernel yourself by going over going over here for BlueZ and here for the kernel.
In the meantime, you can just disable Bluetooth completely on your system by following these simple steps:
- Blacklist the core Bluetooth modules
printf "install %s /bin/true\n" bnep bluetooth btusb >> /etc/modprobe.d/disable-bluetooth.con
- Disable and stop the Bluetooth service
systemctl disable bluetooth.service systemctl mask bluetooth.service systemctl stop bluetooth.service
- Remove the Bluetooth Modules
rmmod bnep rmmod bluetooth rmmod btusb
If you get error messages saying other modules are using these services, make sure to remove the active modules first before trying again.
If you find this article helpful do let us know your thoughts in the comment section.