BlueBorne Attacks Impact Billions of Bluetooth Devices
IoT-focused security company Armis Labs revealed a Bluetooth-based attack that impacts billions of devices, including Android, Linux, unpatched Windows, and iOS devices running versions older than iOS 10. Along with the attack, which the company called "BlueBorne," Armis also revealed the eight zero-day vulnerabilities, spread across those platforms' Bluetooth stacks, that the attack relies on. Which of them applies depends on the target's platform.
Devastating Potential
According to Armis Labs, BlueBorne not only affects billions of smartphones, desktops, sound systems, and medical devices, but it also requires no action from users. It is invisible to the user, and worst of all, it could spread from device to device on its own. Because the Bluetooth stack runs with high privileges on most operating systems, once BlueBorne reaches a device it can cause significant damage through remote code execution or man-in-the-middle (MITM) attacks, and it can reach air-gapped networks that have no internet connectivity at all. This makes the BlueBorne attack vector useful for cyber espionage, data theft, ransomware, and even for building large botnets out of infected IoT devices.
New Dangers
What makes BlueBorne special is that, unlike similar attacks such as the recent one against Broadcom Wi-Fi chips, which was also airborne but compromised only a peripheral (the Wi-Fi chip itself), the BlueBorne attack can give an attacker full control of the host operating system right from the start.
Armis also said that Bluetooth software offers a larger attack surface than Wi-Fi software does, especially since it has been largely ignored by the security community until now.
Armis Labs argued that airborne attacks represent a type of threat that traditional security solutions typically do not take into account. Airborne attacks that bypass traditional security controls and even cross into air-gapped internal networks also endanger industrial systems, government agencies, and critical infrastructure.
Airborne attacks are also easier to spread because the user does not have to download or click anything for the infection to occur. According to Armis, the attack has no preconditions beyond Bluetooth being active, and before the patches every software version of the affected platforms was exposed.
Devices with Bluetooth enabled constantly listen for incoming connections from other Bluetooth devices, which allows an attacker to use the BlueBorne vulnerabilities to connect to a target without pairing with it; the target does not even have to be in discoverable mode. This makes BlueBorne one of the broadest potential attacks in recent years, while allowing attackers to strike undetected.
Next-Generation Bluetooth Vulnerabilities
Most previous Bluetooth vulnerabilities were related to the protocol itself. The most serious one in recent years was fixed in the Bluetooth 2.1 protocol. Since then, newly found vulnerabilities were minor and did not allow remote code execution, which is also why the security research community turned its attention to other protocols and systems.
Armis said that it has seen two main problems with how platform vendors have implemented the Bluetooth protocol. Either the vendors followed the specification's implementation guidance word for word, which led to the same Bluetooth bug existing on both Android and Windows, or, in other areas, the specification left too much room for interpretation, which allowed different bugs to appear in different implementations.
The security firm also said that BlueBorne is built on vulnerabilities in these implementations rather than in the protocol itself, and it is worried that similar vulnerabilities exist in other Bluetooth-connected platforms that it has not yet tested.
How BlueBorne Works
The BlueBorne attack vector has several stages. First, the attacker finds nearby Bluetooth-enabled devices. Next, they obtain the target's Bluetooth device address (the Bluetooth equivalent of a MAC address) and use it, together with what the target's stack reveals when probed, to determine which operating system is running and pick the matching exploit. The attacker then exploits a vulnerability in that platform's Bluetooth implementation and chooses whether to mount a MITM attack to intercept communications or to take over the device for other malicious purposes.
Android Attack Vectors
An attack on the Android platform can make use of four different vulnerabilities (all of which Armis discovered):
- An information leak vulnerability resembling Heartbleed that could leak the encryption keys of the device
- A remote code execution vulnerability that requires neither authentication nor user interaction and sits in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering)
- A second remote code execution vulnerability, similar to the previous one, that can also be triggered without user interaction and can give the attacker full control of the device
- The "Bluetooth Pineapple" vulnerability, which lets an attacker mount a MITM attack using nothing but a Bluetooth-capable device, without the special equipment that Wi-Fi interception often requires
Windows Attack Vector
The Bluetooth Pineapple vulnerability is also present on unpatched Windows systems, allowing the same type of MITM attack. Microsoft patched the vulnerability in its July update, but not all users patch their machines as soon as an update is available.
Linux Attack Vectors
Linux is affected by two vulnerabilities: an information leak flaw that lets the attacker fingerprint the target and adjust the attack accordingly, and a stack overflow bug that lets attackers take full control of the device.
iOS Attack Vector
The vulnerability Armis uncovered in older versions of iOS was fixed by Apple in iOS 10 and Apple TV 7.2.2, but the company still warns users on older versions that they are at risk. The flaw, in Apple's Low Energy Audio Protocol (LEAP), which runs on top of Bluetooth, enables a remote code execution attack that could let an attacker silently take over the device.
Protecting Against Airborne Bluetooth Attacks
Armis Labs argued that current security measures such as endpoint protection, mobile device management (MDM), firewalls, and network security solutions are not designed to deal with airborne attacks, because their main focus is blocking attacks that arrive over IP connections.
Armis also called for more attention to secure Bluetooth implementations in the future, since the impact of any newly found flaw could be significant given that billions of devices use the technology.
Users who are not expecting a patch for BlueBorne on their devices (such as owners of older Android smartphones) would do best to disable Bluetooth and enable it only briefly when needed, if at all.
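One way to act on that advice on a Linux host, added here as an example rather than code from the article or from Armis: audit whether a Bluetooth adapter is live and, if it is, block the radio and stop the daemon. The verdict keys on the adapter being powered, not on discoverability or pairing, because (as described above) BlueBorne needs neither. It assumes a systemd-based distribution with the rfkill, bluetoothctl and systemctl commands available; the sample command outputs embedded for the self-check are constructed, not captured from a real host.

```shell
#!/bin/sh
# Bluetooth exposure audit / kill switch for Linux (added example, not Armis code).
# Usage: sh bt-audit.sh audit | disable | selfcheck
# Assumes rfkill, bluetoothctl and systemctl exist (systemd distribution).

# Return 0 when every Bluetooth adapter in the given `rfkill list` output is
# soft- or hard-blocked (or no adapter exists), 1 when at least one is live.
bt_rfkill_all_blocked() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+:/ {                           # start of a device record
            if (is_bt && !blocked) live = 1    # previous adapter was live
            is_bt = ($0 ~ /: Bluetooth$/); blocked = 0
        }
        is_bt && /blocked: yes/ { blocked = 1 }
        END {
            if (is_bt && !blocked) live = 1
            exit (live ? 1 : 0)
        }'
}

# Print yes/no for a `bluetoothctl show` field (Powered, Discoverable,
# Pairable, ...); prints "unknown" if the field is absent.
bt_show_flag() {
    printf '%s\n' "$1" | awk -v key="$2:" '
        $1 == key { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# Verdict from the two command outputs: 0 = safe, 1 = exposed.
# Discoverable/Pairable are printed for context only; a powered adapter that
# is not rfkill-blocked is enough for a BlueBorne-class attack.
bt_verdict() {
    if bt_rfkill_all_blocked "$1"; then
        echo "safe: no live Bluetooth adapter (rfkill blocked or none present)"
        return 0
    fi
    powered=$(bt_show_flag "$2" Powered)
    if [ "$powered" = no ]; then
        echo "safe: adapter present but powered off"
        return 0
    fi
    echo "exposed: adapter live (Powered=$powered," \
         "Discoverable=$(bt_show_flag "$2" Discoverable)," \
         "Pairable=$(bt_show_flag "$2" Pairable))"
    return 1
}

bt_audit() {
    command -v rfkill >/dev/null 2>&1 || { echo "rfkill not found; cannot audit" >&2; return 2; }
    bt_verdict "$(rfkill list)" "$(bluetoothctl show 2>/dev/null || true)"
}

# Kill switch: block the radio and stop bluetoothd so nothing re-enables it.
# Needs root. Undo with: rfkill unblock bluetooth; systemctl enable --now bluetooth
bt_disable() {
    rfkill block bluetooth
    systemctl disable --now bluetooth.service
}

# Constructed sample outputs (not from a real host) for the self-check.
SAMPLE_RFKILL_LIVE='0: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
1: hci0: Bluetooth
    Soft blocked: no
    Hard blocked: no'
SAMPLE_RFKILL_BLOCKED='1: hci0: Bluetooth
    Soft blocked: yes
    Hard blocked: no'
SAMPLE_SHOW='Controller 00:00:00:00:00:00 examplehost [default]
    Name: examplehost
    Powered: yes
    Discoverable: no
    Pairable: yes'

# Exercise the parsers: the live sample must be judged exposed, the blocked one safe.
bt_selfcheck() {
    if bt_verdict "$SAMPLE_RFKILL_LIVE" "$SAMPLE_SHOW" >/dev/null; then return 1; fi
    bt_verdict "$SAMPLE_RFKILL_BLOCKED" "$SAMPLE_SHOW" >/dev/null || return 1
    echo "selfcheck ok"
}

case "${1:-}" in
    audit)     bt_audit ;;
    disable)   bt_disable ;;
    selfcheck) bt_selfcheck ;;
esac
```

Run `sh bt-audit.sh audit` as a normal user to see the verdict, and `sudo sh bt-audit.sh disable` to apply the kill switch; `rfkill` alone is enough to silence the radio, but stopping bluetoothd keeps desktop applets from turning it back on. Turning off discoverability (`Discoverable: no`) is not a mitigation here, which is why the verdict ignores it.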