BlueBorne Attacks Impact Billions of Bluetooth Devices

IoT-focused security company Armis Labs revealed a Bluetooth-based attack that impacts billions of devices, including Android, Linux, and unpatched Windows and iOS10 or earlier devices. Along with the Bluetooth attack, which the company called "BlueBorne," Armis also revealed eight zero-day vulnerabilities that could be used to facilitate the BlueBorne attack against some devices.
According to Armis Labs, BlueBorne not only affects billions of smartphones, desktops, sound systems, and medical devices, but it requires no action from users. It's also invisible to users, and worst of all, it can start spreading from device to device on its own.
Because the Bluetooth process has high privileges on most operating systems, that means once BlueBorne reaches a device, it can also cause significant damage through remote code execution, man-in-the-middle (MITM) attacks, or by penetrating air-gapped networks that otherwise have no internet connectivity. This can make the BlueBorne attack vector useful in cyber espionage, data theft, ransomware, and even for creating large botnets out of infected IoT devices.
What makes BlueBorne special is that unlike similar attacks such as the recent one against Broadcom Wi-Fi chips, which also happened to be airborne, the BlueBorne attack doesn’t affect only the peripherals of a device but can give an attacker full control over the infected device right from the start.
Armis also said that Bluetooth software offers a larger attack surface than Wi-Fi software does, especially since it's been largely ignored by the security community until now.
Armis Labs argued that airborne attacks show a new type of threat that’s typically not taken into account by traditional security solutions. Airborne attacks that can bypass traditional security and even air-gapped internal networks can also endanger industrial systems, government agencies, and critical infrastructure.
The airborne attacks are also easier to spread because the user doesn’t have to download or click anything for the infection to occur. Such attacks are compatible with all software versions of a device, as long as Bluetooth is active.
Devices with Bluetooth enabled are constantly searching for other Bluetooth devices, which can allow an attacker to use the BlueBorne vulnerability to connect to it without having to pair with said device.
This makes BlueBorne one of the most broad potential attacks in recent years, while allowing attackers to strike undetected.
Most previous Bluetooth vulnerabilities were related to the protocol itself. The most serious one in recent years was fixed in the Bluetooth 2.1 protocol. Since then, newly found vulnerabilities were minor and did not allow remote code execution. This is also why the security research community started turning its eyes towards other protocols and systems.
Armis said that it's seen two main issues with how platform vendors have implemented the Bluetooth protocol: Either the platform vendors followed the implementation guidelines word for word, which has led to the same Bluetooth bug to exist on both Android and Windows, or in some areas, the Bluetooth specifications have left too much room for interpretation, which opened the possibility for multiple bugs to exist in various implementations.
The security firm also said that BlueBorne is based on the vulnerabilities found in the various implementations, and it’s worried that other vulnerabilities may exist on other Bluetooth-connected platforms that it hasn't yet tested.
The BlueBorne attack vector has several stages. First, the attacker finds some local Bluetooth-enabled devices. Next, they obtain the MAC address of the device to determine which operating system is running on it and adjust the exploit accordingly.
The attacker will exploit a vulnerability in the implementation of the Bluetooth protocol on that platform and then choose whether or not to do a MITM attack to intercept communications or take over the device for other malicious purposes.
An attack on the Android platform can make use of four different vulnerabilities (which Armis also discovered):
- An information leak vulnerability resembling Heartbleed that could leak the encryption keys of the device
- A remote code execution vulnerability that doesn’t require authentication or user interaction and uses the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering).
- Another remote code execution vulnerability that is similar to the previous one and can be triggered without user interaction and can allow the attacker to take full control of the device.
- The Bluetooth Pineapple vulnerability allows an attacker to create a MITM attack using only a Bluetooth-connected device and no special equipment, which is often required for Wi-Fi interception.
The Bluetooth Pineapple vulnerability is also present on unpatched Windows systems, allowing the same type of MITM attack to occur. Microsoft patched the vulnerability in the July update, but not all users patch their machines as soon as an update is available.
Linux is affected by two vulnerabilities: an information leak flaw that allows the attacker to adjust the attack accordingly and a stack overflow bug that attackers to take full control over the device.
The vulnerability uncovered by Armis in older versions of iOS had been fixed by Apple in iOS 10 and Apple TV 7.2.2. However, the company still warns users who are on older versions of iOS that they're at risk. The vulnerability found in Apple’s Low Energy Audio Protocol (LEAP), which works on top of Bluetooth, enables a remote code execution attack that could allow an attacker to silently take over a device.
Armis Labs argued that current security measures such as endpoint protection, mobile data management, firewalls, and network security solutions are not designed to deal with airborne attacks, because their main focus is to block attacks that happen over IP connections.
Armis also called for more attention on implementing secure Bluetooth protocols in the future, as the impact of any newly found threat could be quite significant, considering that billions of devices make use of the technology.
Users who aren’t expecting a patch for the BlueBorne attack on their devices (such as owners of older Android smartphones) would do best to disable Bluetooth and only enable it for a short time when needed, if at all.

Views: 37

©ictnews.az. All rights reserved.

Facebook Google Favorites.Live BobrDobr Delicious Twitter Propeller Diigo Yahoo Memori MoeMesto

26 September 2017

25 09 2017

Azerbaijan represented at international exhibition ITU Telecom World 2017

Annual ITU Telecom World 2017 international exhibition-conference of the International Telecommunication Union 

iPhone 8 Plus Has the Best Performing Smartphone Camera Ever

The camera experts put the iPhone 8 and iPhone 8 Plus through their paces and found that they are the two best 

Robots learn to walk naturally by understanding their bodies

The challenge with bipedal robots isn't so much getting them to walk at all (although that's sometimes a problem

Stretchy, Waterproof Solar Cells to Power Wearables

Organic solar cells that are waterproof and stretchable could someday be sewn into washable electronic clothing

Nokia 8 Variant With 6GB RAM and 128GB Built-in Storage Launch Set for October 20

Just recently, the Nokia 8 variant with 6GB RAM and 128GB inbuilt storage was spotted on the US FCC website 

Experts compile a list of most amazing smartphones

Experts have compiled a list of the most amazing smartphones in the world.  The rating of the gadgets was made 

Switzerland Is Getting A Network Of Medical Delivery Drones

When a hospital needs to rush a delivery from a lab somewhere else in a densely populated city–for example

Apple is falling on the first day the iPhone 8 is being sold

Apple’s share price slide led it to its worst week in 17 months amid mixed reviews for new product offerings 

GO Keyboard apps could be spying on over 200 million Android users

According to a new report, a pair of third party keyboard apps that are listed in the Google Play Store under