A series of vulnerabilities recently found in the Bluetooth stacks of several major operating systems, collectively dubbed BlueBorne, could let attackers compromise devices over the air without any interaction from the user. Bluetooth ships in billions of smartphones, laptops, PCs and IoT devices around the world.
Because the vulnerable code runs inside the kernel or in highly privileged system processes, an attacker within radio range could perform man-in-the-middle attacks or execute code on a victim's device and take full control of it. Windows, Linux, Android and iOS are affected, and the security researchers at Armis who discovered the vulnerabilities say the attack is essentially invisible to the user.
“BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure ‘air-gapped’ networks, and spread malware to other devices,” reads the research paper. “The attack does not require the targeted device to be set on discoverable mode or to be paired to the attacker’s device. In addition, the targeted user is not required to authorize or authenticate the connection to the attacker’s device.”
The attack requires no pairing with the victim and works even when the device is set to non-discoverable mode, so the usual user-facing safeguards do not help. Installing the fixes shipped by the affected OS vendors is the real remedy; until a device is patched, the only way to block the attack is to turn Bluetooth off entirely.
“Another contributing factor is two common misconceptions about Bluetooth: one is that connections in Bluetooth have to be between paired devices (which they do not), and the other is that devices' MAC addresses (BDADDRs) are safely hidden while they are not in discoverable mode (which they are not),” reads the Armis research paper. “Attackers can target these sections of the device, and take control through them, as they are an integral part of the operating system – either as part of the kernel itself, or as highly privileged processes on top of it.”
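To make the second misconception concrete, here is an added example (written for this page, not code from Armis or from the BlueBorne research) that talks to a device which is unpaired and, if you like, non-discoverable: it opens an L2CAP channel to the Service Discovery Protocol (PSM 0x0001), which classic Bluetooth stacks answer before any pairing or link key exists, and asks for the device's public service records. It assumes Linux with BlueZ, a CPython build with AF_BLUETOOTH support, and that you already know the target's BDADDR (from a sniffer, for instance; the script performs no inquiry scan). The function names and the sample PDU bytes are this example's own; the encoder and decoder need no radio and can be exercised on their own.

```python
"""Probe an unpaired (possibly non-discoverable) Bluetooth device over SDP.

Added example for this page; assumes Linux/BlueZ and CPython with AF_BLUETOOTH.
"""
import socket
import struct

SDP_PSM = 0x0001                 # L2CAP PSM reserved for the SDP server
PDU_ERROR_RSP = 0x01
PDU_SERVICE_SEARCH_REQ = 0x02
PDU_SERVICE_SEARCH_RSP = 0x03
PUBLIC_BROWSE_GROUP = 0x1002     # UUID16 matched by every browsable service record


def build_service_search_request(txid: int, uuid16: int = PUBLIC_BROWSE_GROUP,
                                 max_records: int = 100) -> bytes:
    """Encode an SDP ServiceSearchRequest PDU for a single UUID16 search pattern."""
    # Data element header byte = (type << 3) | size index.
    uuid_elem = bytes([0x19]) + struct.pack(">H", uuid16)        # 0x19: UUID (type 3), 2 bytes
    pattern = bytes([0x35, len(uuid_elem)]) + uuid_elem           # 0x35: sequence (type 6), 1-byte length
    params = pattern + struct.pack(">H", max_records) + b"\x00"   # empty continuation state
    return struct.pack(">BHH", PDU_SERVICE_SEARCH_REQ, txid, len(params)) + params


def parse_service_search_response(pdu: bytes, expected_txid: int) -> dict:
    """Decode a ServiceSearchResponse, refusing PDUs whose length fields disagree.

    Every length and count is checked against the bytes actually received; a
    decoder that trusts the peer's counts is exactly the kind of code BlueBorne abused.
    """
    if len(pdu) < 5:
        raise ValueError("truncated SDP header")
    pdu_id, txid, plen = struct.unpack_from(">BHH", pdu, 0)
    body = pdu[5:5 + plen]
    if len(body) != plen:
        raise ValueError("parameter length exceeds PDU")
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if pdu_id == PDU_ERROR_RSP:
        (code,) = struct.unpack_from(">H", body, 0)
        raise ValueError(f"SDP error response 0x{code:04x}")
    if pdu_id != PDU_SERVICE_SEARCH_RSP:
        raise ValueError(f"unexpected PDU id 0x{pdu_id:02x}")
    total, current = struct.unpack_from(">HH", body, 0)
    handles_end = 4 + 4 * current
    if current > total or handles_end + 1 > len(body):
        raise ValueError("handle count inconsistent with parameter length")
    handles = list(struct.unpack_from(f">{current}I", body, 4))
    cont_len = body[handles_end]
    cont = body[handles_end + 1:handles_end + 1 + cont_len]
    if len(cont) != cont_len:
        raise ValueError("truncated continuation state")
    return {"total": total, "handles": handles, "continuation": cont}


def query_sdp(bdaddr: str, txid: int = 1, timeout: float = 5.0) -> dict:
    """Connect to the target's SDP server and run one ServiceSearch.

    No pairing takes place: L2CAP PSM 1 is reachable before any link key exists,
    and a non-discoverable device still accepts connections addressed to its BDADDR.
    """
    sock = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_SEQPACKET, socket.BTPROTO_L2CAP)
    sock.settimeout(timeout)
    try:
        sock.connect((bdaddr, SDP_PSM))
        sock.send(build_service_search_request(txid))
        return parse_service_search_response(sock.recv(672), txid)   # 672 = default L2CAP MTU
    finally:
        sock.close()


if __name__ == "__main__":
    import sys
    # The only input is a BDADDR you already know, e.g. "AA:BB:CC:DD:EE:FF" (hypothetical).
    result = query_sdp(sys.argv[1])
    print(f"{len(result['handles'])} of {result['total']} service record handle(s):",
          ", ".join(f"0x{h:08x}" for h in result["handles"]))
```

Run it with a BDADDR as the only argument; a handle list coming back from a device that is neither paired with you nor discoverable is the whole point. The strict decoder is deliberate: the Armis findings were, in large part, length-handling bugs in exactly this kind of parsing code, so a probe that copies the peer's counts blindly is itself a target.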
The eight zero-day vulnerabilities, found in the way Bluetooth is implemented in the various operating systems rather than in the protocol itself, have been patched by Google, Microsoft, Apple, Samsung and the Linux kernel and BlueZ maintainers; users are encouraged to download and install the latest security updates.
Here is the full list of vulnerabilities:
- Linux kernel RCE vulnerability – CVE-2017-1000251
- Linux Bluetooth stack (BlueZ) information leak vulnerability – CVE-2017-1000250
- Android information leak vulnerability – CVE-2017-0785
- Android RCE vulnerability #1 – CVE-2017-0781
- Android RCE vulnerability #2 – CVE-2017-0782
- The “Bluetooth Pineapple” in Android, a logical flaw – CVE-2017-0783
- The “Bluetooth Pineapple” in Windows, a logical flaw – CVE-2017-8628
- Apple Low Energy Audio Protocol (LEAP) RCE vulnerability – CVE-2017-14315