Posted on September 14, 2017 at 7:06 AM

BlueBorne Puts Over 5 Billion Bluetooth Devices at Risk for Hacking

Bluetooth is, if not the most popular, then certainly the most predominant methods of short-range wireless communications. Almost all electronic devices have this from smartphones, smartwatches, tablets, PC’s, and even televisions, medical equipment, and car infotainment systems. Yet all of these devices are now vulnerable to hacking due to critical flaws in Bluetooth implementations and operating systems.

A team of researchers from Armis, a security firm have collaborated with Google, Microsoft, Apple, and Linux developers to identify eight critical vulnerabilities in Bluetooth devices that could enable hackers to either take over Bluetooth devices or to take over their Internet traffic.

Researchers have called these attacks BlueBorne, and it could potentially put over 5.3 billion devices at risk for hacking. BlueBorne is particularly lethal as it requires no authentication to pair devices. Simply having your Bluetooth enabled is enough to make your device vulnerable.

BlueBorne does not require any user interaction and all attacks are automated. Hackers can also force vulnerable devices to open Bluetooth connections. This can cause a worm-like attack, where an affected device can infiltrate another. This could cause the creation of botnets.

Researchers from Armiss have developed a patch which can be installed on vulnerable devices. Yet they claim that 40% of infected devices will not be able to be patched either due to an older device age or operating system, or simply because the user of the device will not bother.

The vulnerabilities that make your device susceptible is not found in Bluetooth itself, but rather in the Bluetooth implementation on various devices such as Android, Windows, Linux, and iOS. Thus BlueBorne won’t discriminate on what version of Bluetooth or what device you have, all have the possibility to become affected, with the exception of Bluetooth Low Energy, or Bluetooth Smart.

The team from Armis accidentally came across device vulnerabilities, during routine work on one of the company’s security products which specialize in identifying rogue or compromised IoT devices on organization networks. The researchers then cross referenced the code in other Bluetooth stacks and found more vulnerabilities.

The impact of the vulnerabilities differs and is dependent on the operating system in question. From the eight vulnerabilities identified, four came from Android implementations, two were ascribed to Linux, one to iOS, and one to Windows.

The team from Armis suggests that these eight vulnerabilities may be just the tip of the iceberg, however, more research is needed before making any conclusive judgments.

The Bluetooth vulnerability in Windows enables hackers to launch man-in-the-middle traffic interception attacks. This allows hackers to remotely force Windows devices to establish a malicious Bluetooth network which routes all their communication through it. Essentially, a hacker can then intercept all of a victim’s Internet Traffic via Bluetooth.

According to Microsoft, they released security updates in order to address this vulnerability in all Windows devices during July, and users with these updates are protected against any malicious attacks.

Android’s Bluetooth stack works in a similar manner, although Android has the additional danger of information leaking as well as two remote code execution flaws. The information leak can be used to gain sensitive information from the device’s memory. This information can in turn aid hacking in exploiting remote code execution vulnerabilities in order to take control of the device. An attack like this would go completely unnoticed by the user of the device.

Like Microsoft, Google also claims to have had specific updates for fixing these Bluetooth vulnerabilities. These updates extended to its Pixel and Nexus devices, as well as patches for the Android Open Source Project.

However even with security updates in place, it is likely that plenty of devices will remain infected, and an even larger part of devices will be infected without its user’s knowledge.