Researchers have developed a new attack against Bluetooth-enabled devices that exploits the fact that these devices are always listening for connections. An attacker can use this to connect to nearby devices and then exploit one of several new vulnerabilities in the protocol's implementations to compromise them.
The attack is known as BlueBorne and it is essentially a composite of several techniques, known issues with Bluetooth, and newly discovered flaws. BlueBorne can be used to attack a wide variety of devices, including those running Android, Windows, or Linux, as well as some devices running older versions of iOS. Google released fixes for the problems in Android earlier this month, and Microsoft is releasing patches today for the new vulnerabilities in Windows identified by the researchers from Armis, who developed the attack.
“The BlueBorne attack vector requires no user interaction, is compatible with all software versions, and does not require any preconditions or configurations aside from the Bluetooth being active. Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” the Armis report on BlueBorne says.
“This means a Bluetooth connection can be established without pairing the devices at all. This makes BlueBorne one of the most broad potential attacks found in recent years, and allows an attacker to strike completely undetected.”
The attack relies on the fact that Bluetooth-enabled devices can be discovered by other devices even when they are not in discoverable mode. The attacker does not need to pair with a target device; it is enough to identify a nearby device, probe it to obtain its MAC address and OS information, and then exploit one of the new vulnerabilities in the target OS. Many of the bugs are in the various implementations of the Bluetooth protocol, and some of them can be used for remote code execution, for example on Android and Linux.
“BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vectors,” the researchers said.
“Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.”
Although many desktop and other devices have Bluetooth capabilities, this kind of attack likely would be most useful against mobile and IoT devices such as phones, TVs, and others that may not have many other obvious attack vectors.