A collection of eight flaws in the Bluetooth protocol (named ‘BlueBorne’) have been discovered by researchers at IoT security firm Armis, which they state can be used to attack devices running iOS, Android, Linux and Windows.
For further information on ‘Blueborne’ refer to the video below:
Researchers have found malicious attacks do not require pairing or user intervention, the attacker simply needs to be within ten metres of the device.
The Armis researchers expressed their concern over BlueBorne as it is considered to be spread through the ‘air’:
“Airborne attacks can also allow hackers to penetrate secure internal networks which are ‘air gapped’, meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure”.
“Spreading through the air renders the attack much more contagious, and allows it to spread with minimum effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats”.
Three of the eight flaws have been classified as ‘critical’, given its ability to take over devices or intercept communications over Bluetooth.
The researchers state Windows Vista and later devices are affected by BlueBorne. Linux kernels since 3.3-rc1 are affected, as too are all Linux devices running BlueZ stack. For Apple, devices with iOS 9.3.5 and lower, plus Apple TVs on version 7.2.2 and lower are vulnerable.
Reports indicate Microsoft has issued a patch for the vulnerabilities in its September security updates, Google has issued patches for Android in September and Apple has patched BlueBorne in iOS 10.
Senior Director of Security Architecture at security firm Webroot, David Dufour, states that whilst Bluetooth vulnerabilities had died down for a period of time, as the industry responded to exploits, this may be the start of a resurgence:
“But this incident may be the tip of the iceberg once again, just as we’ve seen a resurgence in worms, hackers often come back to repurpose the same exploits. Unfortunately, in these cases, many connected devices don’t allow for patch management and become easy targets”
“The learning curve to scan for Bluetooth devices isn’t that much greater than scanning for Wi-Fi access points”
“BlueBorne is another example of how simple it is for hackers to quickly scan for, and then exploit, open Bluetooth devices”.