In-brief: Dubbed BlueBorne, the flaw could affect billions of devices that use the Bluetooth wireless protocol, enabling remote hacks, the security firm Armis warned.
Billions of wireless, connected devices may be vulnerable to being hacked as the result of a previously undiscovered flaw in Bluetooth, the popular wireless communications protocol.
The security firm Armis on Tuesday warned the public about the discovery of a flaw it calls “BlueBorne.” If exploited, the vulnerabilities could enable an attacker to take over devices or carry out so-called “man-in-the-middle” attacks to connect to sensitive networks, steal data or spread malicious software to other Bluetooth-enabled devices. The flaw could lurk in billions of devices that use the Android, Linux and Microsoft implementations of the Bluetooth communications standard.
“Nearly all devices with Bluetooth capabilities, including smartphones, TVs, laptops, watches, smart TVs, and even some automobile audio systems, are vulnerable to this attack,” the company said in a statement. The company reported the vulnerabilities to Google, Microsoft, and the Linux community. Google and Microsoft have already released patches. Others are preparing patches that are in various stages of being released, Armis said.
Among the flaws discovered by Armis are four so-called “RCE” or remote code execution flaws in the Linux kernel (CVE-2017-1000251), Android (CVE-2017-0781, 0782) and Apple’s Low Energy Audio Protocol (CVE-2017-14315).
Armis also found information leak flaws in the Linux Bluetooth stack (BlueZ) and Google’s Android operating system, as well as logical flaws in the Bluetooth Pineapple in Android and Windows (CVE-2017-0783, 0628).
“These vulnerabilities are fully operational, and were successfully turned into exploits,” the company warned, saying it would provide more details at a later time.
“These silent attacks are invisible to traditional security controls and procedures,” said Yevgeny Dibrov, the CEO of Armis. “Companies don’t monitor these types of device-to-device connections in their environment, so they can’t see these attacks or stop them.” Armis published a research paper (PDF) by authors Ben Seri and Gregory Vishnepolsky detailing its findings.
Bluetooth is a ubiquitous wireless protocol that is increasingly used to connect devices wirelessly at short range. It is common in everything from wireless speakers and cameras to medical devices.
Though it is typically used over short distances, proof-of-concept attacks going back more than a decade have shown how Bluetooth signals can be amplified to enable longer-range attacks.
Armis said there are two methods attackers could use to attack Bluetooth devices given the right exploit code. In the first, they could connect to the target device undetected and then run remote exploit code that gives them control over the device. Such an attack would result in the attacker taking full control of a system, up to and including leveraging the device to gain access to corporate networks, systems, and data, Armis said.
The second likely scenario is a man-in-the-middle attack in which an attacker intercepts wireless traffic from Bluetooth devices in her vicinity or spoofs a legitimate Bluetooth device in order to hijack a Bluetooth connection and redirect traffic.
That type of attack would enable attackers to download malware to devices and take complete control of them.
“The automatic connectivity of Bluetooth, combined with the fact that nearly all devices have Bluetooth enabled by default, makes these vulnerabilities all the more serious and pervasive,” the company said.
Wireless vulnerabilities are an increasing concern for enterprises, as more wireless products infiltrate the office space. Traditional network security tools often are blind to wireless communications using Bluetooth, Zigbee or radio frequency (RF) protocols.
In February 2016, for example, researchers at Bastille demonstrated a wireless flaw in common wireless mice and keyboards, dubbed “Mousejack,” that could be used to attack devices like laptops and desktop computers that the peripheral devices were attached to.