BlueBorne reveals the weakness of Bluetooth: Many devices at risk of attack
It’s called BlueBorne (literally "transported through the blue") and is a series of attacks that allows an attacker to take control of devices that have an active Bluetooth connection. Patches have already been issued by the main manufacturers.
BlueBorne is the name assigned to a set of eight different exploits that can be used to attack systems with an active Bluetooth chip. The attack only requires that the victim device has an active Bluetooth connection, and it can be carried out in total silence.
Armis, the company that disclosed the vulnerabilities and the attack methods, has released some examples of attacks on the Android operating system. The first step of the attack requires the identification of the victim device; once this is done, the device is forced to give up information, which may also include encryption keys. Armis speaks of a certain resemblance to Heartbleed.
By using a vulnerability in the Bluetooth Network Encapsulation Protocol (BNEP), which allows the smartphone to be used as an Internet access point (so-called tethering), an attacker can corrupt selected memory segments and execute arbitrary machine code. This gives the attacker control of the device. Not only that, though: Armis claims that it is possible to execute remote code; in this case, a vulnerability would be exploited in the PAN (Personal Area Network) profile of the BNEP service.
It is also possible to perform a MITM (Man-In-The-Middle) attack that allows all communications to be intercepted: this attack would again rely on a vulnerability in the PAN profile (different from the previous one). The attacker could create a malicious network interface, which can redirect all traffic to a destination specified by the attacker.
In all cases, no action by the user is needed, and the device does not even have to be visible or placed in pairing mode for the attacks to be possible. Once Bluetooth is turned on, the device is vulnerable.
Armis has been in contact with the major operating system manufacturers for some time; both Microsoft and Google have already issued updates to solve the problem, as have the main Linux distributions (for example, the writer has received an update notification on Linux Mint 18.2).
Note that Google has provided updates for Android 6.0 Marshmallow and Android 7.0 Nougat, thus leaving users of Android 5.x Lollipop without protection. iOS devices running a version of the system earlier than 10 are also at risk of attack.
Further information and examples of the attacks and vulnerabilities can be found on the Armis Labs website.
Not all systems will be updated, and in some cases updates may take some time to be provided. Besides being good practice for saving battery, turning off the Bluetooth connection on smartphones, tablets and computers is also a measure that helps prevent the possibility of being attacked.
In general, it is always a wise move not to keep active what is not actively used: after all, if you turn off the car when it is in the garage, why should you not turn off unused connections?
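To apply the advice above on a Linux machine, the following added example (not taken from Armis or from the original article) reports Bluetooth radios that are still enabled by reading the kernel's rfkill entries. The `RFKILL_ROOT` override and the `make_sample_tree` helper are assumptions introduced here so the check can be tried on a constructed directory tree.

```shell
#!/bin/sh
# Audit check: report Bluetooth radios that are still enabled on a Linux host,
# using the kernel's rfkill entries under /sys/class/rfkill.

# Prints one line "<name> <rfkill-dir>" per Bluetooth radio that is neither
# soft-blocked (software switch) nor hard-blocked (hardware switch).
# Returns 1 if at least one such radio exists, 0 otherwise.
active_bluetooth_radios() {
    root="${1:-/sys/class/rfkill}"
    found=0
    for dev in "$root"/rfkill*; do
        [ -r "$dev/type" ] || continue      # also skips an unmatched glob
        [ "$(cat "$dev/type")" = "bluetooth" ] || continue
        # A missing attribute is treated as "not blocked" (fail towards reporting).
        soft=$(cat "$dev/soft" 2>/dev/null || echo 0)
        hard=$(cat "$dev/hard" 2>/dev/null || echo 0)
        if [ "$soft" = "0" ] && [ "$hard" = "0" ]; then
            echo "$(cat "$dev/name" 2>/dev/null || echo unknown) $dev"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample tree (not real host data): an enabled Bluetooth radio,
# a soft-blocked Bluetooth radio and an enabled Wi-Fi radio.
# Hypothetical helper for trying the check; prints the temporary directory.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/rfkill0" "$t/rfkill1" "$t/rfkill2"
    printf 'bluetooth\n' > "$t/rfkill0/type"; printf 'hci0\n' > "$t/rfkill0/name"
    printf '0\n' > "$t/rfkill0/soft";         printf '0\n' > "$t/rfkill0/hard"
    printf 'bluetooth\n' > "$t/rfkill1/type"; printf 'hci1\n' > "$t/rfkill1/name"
    printf '1\n' > "$t/rfkill1/soft";         printf '0\n' > "$t/rfkill1/hard"
    printf 'wlan\n' > "$t/rfkill2/type";      printf 'phy0\n' > "$t/rfkill2/name"
    printf '0\n' > "$t/rfkill2/soft";         printf '0\n' > "$t/rfkill2/hard"
    echo "$t"
}

# On a real host: a non-zero status means Bluetooth is still on;
# `rfkill block bluetooth` (run as root) switches it off.
active_bluetooth_radios "${RFKILL_ROOT:-/sys/class/rfkill}" \
    || echo "Bluetooth radio enabled: consider 'rfkill block bluetooth'"
```

Run from cron or a configuration-management job, the exit status can flag machines where Bluetooth was left on while waiting for patches.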