More than a single security hole, BlueBorne is a set of exploits and vulnerabilities grouped under one name that can be used to take control of a device. The most notable feature of BlueBorne is that it does not require the victim to click a link, start a download or establish a connection with another device. Merely having Bluetooth enabled is enough for an attacker to exploit it.
According to Armis Labs, BlueBorne “is an attack vector by which hackers can take advantage of Bluetooth connections to penetrate and take complete control of the attacked devices” without any pairing between attacker and victim. In fact, BlueBorne works even if the device is not configured to be visible to other devices. Since it does not require an Internet connection, it could be used to breach tightly isolated (air-gapped) networks, such as servers handling sensitive information. The attack could be particularly useful for man-in-the-middle attacks, using third-party devices as a bridge between the attacker and the target. One of the features that makes BlueBorne particularly dangerous is that it can spread automatically between phones, tablets, wearables and virtually any other type of device.
An attack based on BlueBorne would begin by extracting a MAC address to determine the victim’s operating system and configure an exploit accordingly. Armis Labs has identified several zero-day vulnerabilities that would facilitate such an attack. The next step would be to take advantage of a vulnerability in the Bluetooth protocol implementation of the platform in question, and there are several to choose from. Armis Labs has been able to verify that BlueBorne works using four vulnerabilities in the Android Bluetooth implementation, one of which is also shared by Windows (although not Windows Phone, which appears to be safe). Linux has two vulnerabilities (a data leak and a stack overflow caused by a flaw in the kernel). Finally, iOS is susceptible to attack through Apple’s Low Energy Audio Protocol (LEAP), which runs over Bluetooth.
According to Armis Labs, all Android-based devices are exposed to BlueBorne unless they use only Bluetooth Low Energy. As for the Windows ecosystem, all versions since Vista are vulnerable to the man-in-the-middle attack. Devices based on Linux and its derivatives (including Tizen) running BlueZ on kernel version 3.3-rc1 or higher are also susceptible. The case of Apple seems somewhat less serious, since only devices with iOS 9.3.5 or lower and tvOS 7.2.2 or lower are affected; iOS 10 already fixes the problem. The discovery of BlueBorne was published in coordination with the tech giants Apple, Google and Microsoft, who were warned several weeks in advance so they had time to adopt defensive measures. Microsoft has just released a patch for Windows, while Google issued a security bulletin last August and a patch on September 9. So, what do you think about this? Simply share your views and thoughts in the comment section below.
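As an added example (not part of the original article or of Armis Labs’ material), the following Python script turns the affected-version thresholds listed above into a simple triage check that a defender can run against an asset inventory. It handles release-candidate suffixes such as `3.3-rc1`, which sort before the final release, and the thresholds it encodes are an assumption taken only from this article, so verify them against the vendor advisories before relying on them.

```python
import re

# Affected-version thresholds as stated in the article above (assumption for
# this example; confirm against the vendor advisories before relying on them).
LINUX_MIN_AFFECTED = "3.3-rc1"   # kernel with BlueZ: this version or higher
IOS_MAX_AFFECTED = "9.3.5"       # this version or lower
TVOS_MAX_AFFECTED = "7.2.2"      # this version or lower

_VER_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-rc(\d+))?$")


def parse_version(text):
    """Turn a version string such as '3.3-rc1' into a comparable tuple.

    Release candidates sort before the final release of the same number,
    so 3.3-rc1 < 3.3-rc2 < 3.3 < 3.4. Short versions are padded to three
    numeric components so that 3.3 compares equal to 3.3.0.
    """
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))
    rc = int(m.group(2)) if m.group(2) else float("inf")  # final release sorts last
    return nums + (rc,)


def is_affected(platform, version=None, bluez=True, ble_only=False):
    """Return True if the platform/version combination falls in the affected set."""
    platform = platform.lower()
    if platform == "android":
        return not ble_only                      # all Android unless BLE-only
    if platform == "linux":
        return bluez and parse_version(version) >= parse_version(LINUX_MIN_AFFECTED)
    if platform == "ios":
        return parse_version(version) <= parse_version(IOS_MAX_AFFECTED)
    if platform == "tvos":
        return parse_version(version) <= parse_version(TVOS_MAX_AFFECTED)
    raise ValueError(f"no threshold recorded for platform {platform!r}")


if __name__ == "__main__":
    # Constructed inventory entries for demonstration.
    for plat, ver in [("linux", "4.12"), ("linux", "3.2"), ("ios", "9.3.5"), ("ios", "10.0")]:
        print(plat, ver, "affected" if is_affected(plat, ver) else "not affected")
```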