Bluetooth Devices Susceptible to Attack

Wednesday, September 13, 2017 @ 03:09 PM gHale

BlueBorne is a set of eight zero-day vulnerabilities affecting the Android, Windows, Linux and iOS implementations of Bluetooth.

Attackers can exploit the vulnerabilities to extract information from, execute malicious code on, or perform a man-in-the-middle (MitM) attack against vulnerable devices.
BlueBorne can be exploited without the user having to click on a link or download a malicious file.


The notable part is that the user does not have to do anything to fall victim to the attack, and users will not be able to detect that they are being hit with a BlueBorne attack.

The only prerequisite for a successful attack is that Bluetooth is enabled on the target device, which in many cases it is by default.

“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” said researchers at Armis. “This means a Bluetooth connection can be established without pairing the devices at all. This makes BlueBorne one of the most broad potential attacks found in recent years, and allows an attacker to strike completely undetected.”

All Android phones, tablets and wearables of all versions (except those using only Bluetooth Low Energy) are affected by four vulnerabilities found in the Android operating system: two allow remote code execution (CVE-2017-0781 and CVE-2017-0782), one results in an information leak (CVE-2017-0785) and the last allows an attacker to perform a MitM attack (CVE-2017-0783).

Examples of impacted devices:
• Google Pixel
• Samsung Galaxy
• Samsung Galaxy Tab
• LG Watch Sport
• Pumpkin Car Audio System

Google issued a patch and notified its partners. It will be available for:
• Nougat (7.0)
• Marshmallow (6.0)

All Windows computers since Windows Vista are affected by the “Bluetooth Pineapple” vulnerability, which allows an attacker to perform a MitM attack (CVE-2017-8628).

Microsoft is issuing security patches to all supported Windows versions Tuesday.

Linux is the underlying operating system for a wide range of devices; the most commercial and consumer-oriented platform based on Linux is Tizen OS.

All Linux devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250).

All Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (CVE-2017-1000251).

Examples of impacted devices:
• Samsung Gear S3 (Smartwatch)
• Samsung Smart TVs
• Samsung Family Hub (Smart refrigerator)

All iPhone, iPad and iPod touch devices running iOS 9.3.5 or lower, and Apple TV devices running version 7.2.2 or lower, are affected by the remote code execution vulnerability. Apple already mitigated this vulnerability in iOS 10, so no new patch is needed.
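As an added example (not code from the article or from Armis), the per-platform affected ranges above can be turned into a fleet-triage check. The platform labels, the mapping of Windows Vista to NT 6.0, and the sample inventory are assumptions of this example; because the article names no kernel version in which the Linux fix landed, every kernel from 3.3-rc1 onward is flagged for patch verification rather than declared vulnerable.

```python
import re
from typing import List, Tuple

# Thresholds as stated in the article. Assumption: the article names no kernel
# version in which CVE-2017-1000251 is fixed, so every kernel from 3.3-rc1
# onward is flagged for patch verification rather than declared vulnerable.
LINUX_RCE_FIRST_AFFECTED = "3.3-rc1"   # CVE-2017-1000251
IOS_LAST_AFFECTED = "9.3.5"            # mitigated in iOS 10
APPLETV_LAST_AFFECTED = "7.2.2"
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-rc(\d+))?")

def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse '3.3-rc1', '4.4.0-93-generic' or '9.3.5' into a sortable tuple.
    A release candidate sorts below the final release of the same number,
    so 3.2.99 < 3.3-rc1 < 3.3; trailing distro suffixes are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")][:3]
    nums += [0] * (3 - len(nums))
    rc = int(m.group(2)) - 1000 if m.group(2) else 0
    return (nums[0], nums[1], nums[2], rc)

def is_affected(platform: str, version: str) -> bool:
    """True if the article's affected ranges cover this platform/version."""
    v = parse_version(version)
    if platform == "android":     # all versions (BLE-only devices excepted)
        return True
    if platform == "windows":     # every release since Vista (NT 6.0, assumed)
        return v >= (6, 0, 0, 0)
    if platform == "linux":
        return v >= parse_version(LINUX_RCE_FIRST_AFFECTED)
    if platform == "ios":
        return v <= parse_version(IOS_LAST_AFFECTED)
    if platform == "appletv":
        return v <= parse_version(APPLETV_LAST_AFFECTED)
    raise ValueError(f"unknown platform: {platform}")

def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Names of (name, platform, version) entries that need patch verification."""
    return [name for name, plat, ver in inventory if is_affected(plat, ver)]

# Constructed sample inventory, not data from the article.
SAMPLE_INVENTORY = [
    ("hmi-kiosk-01", "linux", "4.4.0-93-generic"),
    ("legacy-gateway", "linux", "3.2.99"),
    ("tablet-ops", "ios", "9.3.5"),
    ("tablet-new", "ios", "10.3.3"),
    ("lobby-tv", "appletv", "7.2.2"),
]
```

Run `triage(SAMPLE_INVENTORY)` to get the list of hosts to verify; a flagged Linux host still needs its vendor's patch status checked, since being in range is not proof it is unpatched.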

The Armis researchers found the following security flaws:
• Linux kernel RCE vulnerability – CVE-2017-1000251
• Linux Bluetooth stack (BlueZ) information leak vulnerability – CVE-2017-1000250
• Android information leak vulnerability – CVE-2017-0785
• Android RCE vulnerability #1 – CVE-2017-0781
• Android RCE vulnerability #2 – CVE-2017-0782
• The Bluetooth Pineapple in Android – Logical Flaw – CVE-2017-0783
• The Bluetooth Pineapple in Windows – Logical Flaw – CVE-2017-8628
• Apple Low Energy Audio Protocol RCE vulnerability – CVE-2017-14315


“The BlueBorne attack vector has several stages. First, the attacker locates active Bluetooth connections around him or her. Devices can be identified even if they are not set to ‘discoverable’ mode. Next, the attacker obtains the device’s MAC address, which is a unique identifier of that specific device. By probing the device, the attacker can determine which operating system his victim is using, and adjust his exploit accordingly. The attacker will then exploit a vulnerability in the implementation of the Bluetooth protocol in the relevant platform and gain the access he needs to act on his malicious objective. At this stage the attacker can choose to create a Man-in-The-Middle attack and control the device’s communication, or take full control over the device and use it for a wide array of cybercriminal purposes,” researchers said.

The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today, researchers said.
