Concerns about online privacy and security are growing along with the number of smart, connected gadgets, especially in light of the recent spike in ransomware and other malware assaults that have dominated headlines. Security researchers at Armis Labs have published a thorough technical whitepaper outlining a serious vulnerability that could potentially expose billions of Bluetooth-enabled devices to remote code execution and Man-in-the-Middle (MiTM) attacks while the world is still trying to recover from the WannaCry ransomware, the Mirai botnet, and other severe malware attacks. In case you are already interested in BlueBorne, here is what you should know about it in order to avoid unintentionally falling victim to cybercrime:
What is BlueBorne?
Simply defined, BlueBorne is an attack vector that enables cybercriminals to stealthily take over targeted devices through Bluetooth connections without requiring any input from the victim. What’s alarming is that a gadget doesn’t even have to be linked with the attacker’s smartphone or set to discoverable mode in order to be compromised. The majority of Bluetooth devices now in use may be compromised using up to eight different zero-day vulnerabilities (four of which are significant). This is true regardless of the operating system. In essence, this means that more than 5 billion Bluetooth-enabled devices worldwide may be exposed to this serious security flaw, which Armis Labs, an IoT-focused security research company, detailed earlier this week. The technical whitepaper produced by the company claims that BlueBorne is especially risky not only because of its enormous scope but also because the flaws really make remote code execution and Man-in-the-Middle attacks possible.
Which Devices / Platforms are Potentially Vulnerable to BlueBorne?
The BlueBorne attack vector, which might affect billions of Bluetooth-enabled smartphones, desktop computers, entertainment systems, and medical equipment running on any of the major operating systems, including Android, iOS, Windows, and Linux, has already been highlighted. There are already 2 billion Android devices worldwide, and it’s claimed that nearly all of them support Bluetooth. Add to that an estimated 2 billion Windows devices, 1 billion Apple devices, and 8 billion IoT devices, and it becomes clear why this most recent security danger is such a major source of worry for device manufacturers, privacy activists, and cyber-security specialists all over the world. However, Android and Linux are the two operating systems that are most susceptible to BlueBorne. That’s because the way these operating systems implement Bluetooth functionality makes them extremely vulnerable to memory corruption exploits, which can be used to remotely execute almost any malicious code. As a result, the attacker may be able to access sensitive system resources on compromised devices, which frequently fail to clear the infection even after several reboots. Picture via Threatpost.com
How Can Hackers Exploit the BlueBorne Security Vulnerability?
A single compromised device might, in principle, infect hundreds of other devices nearby since BlueBorne is a highly contagious airborne attack vector that has the capacity to travel from device to device through air. The high degree of privileges that Bluetooth runs with on all operating systems, allowing attackers to have practically full control over infected devices, puts consumers particularly vulnerable to the problem. Once in charge, cybercriminals can use these tools to further any of their malicious goals, such as data theft and cyber espionage. They can even use the device to launch DDoS attacks or engage in other online crimes by remotely installing ransomware or integrating it into a sizable botnet. Armis claims that the BlueBorne attack vector outperforms the majority of attack vectors because it can enter secure air-gapped networks that are cut off from all other networks, including the internet.
How to Tell if Your Device is Affected by BlueBorne?
All of the major computing platforms, according to Armis, are in some manner impacted by the BlueBorne security threat, however some of these operating systems’ versions are fundamentally more vulnerable than others.
The so-called Bluetooth Pineapple vulnerability, which enables an attacker to conduct a Man-in-the-Middle attack, affects all Windows desktops, laptops, and tablets running Windows Vista and newer versions of the OS (CVE-2017-8628).
The remote code execution vulnerability affects any device using an operating system based on the Linux kernel (version 3.3-rc1 and newer) (CVE-2017-1000251). Additionally, the information leak issue affects all Linux systems running BlueZ. (CVE-2017-1000250). Therefore, in this instance, the impact of the BlueBorne attack vector extends beyond simply desktop computers to a variety of smartwatches, televisions, and kitchen appliances that use the free and open source Tizen OS. As a result, Armis claims that gadgets like the Samsung Family Hub refrigerator and the Gear S3 smartwatch are extremely vulnerable to BlueBorne.
The remote code execution vulnerability affects all AppleTV devices running tvOS version 7.2.2 or older as well as all iPhone, iPad, and iPod Touch units running iOS 9.3.5 or earlier. BlueBorne shouldn’t pose a threat to any iOS 10 devices.
This is the platform that is thought to be the most negatively impacted because to its immense popularity and reach. All versions of Android, without exception, are vulnerable to BlueBorne, according to Armis, because of four major OS flaws that have been discovered. One of such flaws causes data leakage (CVE-2017-0785), two of them allow remote code execution (CVE-2017-0781 and CVE-2017-0782), and a third one enables Man-in-the-Middle attacks (CVE-2017-0783). In addition to smartwatches and other wearables powered by Android Wear, televisions and set-top boxes powered by Android TV, and in-car entertainment systems powered by Android Auto are all susceptible to the threat, making BlueBorne one of the most extensive and severe attack vectors ever identified.
If you have an Android device, you can also go over to the Google Play Store anddownloadtheBlueBorne Vulnerability Scanner appthat was released by Armis to help users check if their device is vulnerable to the threat.
How to Protect your Bluetooth-Enabled Device From BlueBorne?
While BlueBorne is one of the most comprehensive and threatening attack vectors in recent memory because of its sheer scale, there are ways you can protect yourself from becoming a victim. First and foremost,make sure Bluetooth is deactivatedin your device when not in use. Then, make sure yourdevice is updated with all the latest security patches, and although that may not help you in some cases, it is definitely a starting point. Depending on the operating system of the device you re looking to safeguard, you should take the following steps to make sure your personal data don t end up in the wrong hands.
Microsoft released the BlueBorne security patch for its operating systems on July 11, so as long as you have automatic updates enabled or have manually updated your PC in the past couple of months and installed all the latest security patches, you should be safe from these threats.
If you re using iOS 10 on your device, you should be fine, but if you re stuck on earlier versions of the operating system (version 9.3.5 or older), your device is vulnerable until Apple releases a security patch to fix the problem.
Google released the BlueBorne fixes to its OEM partners on August 7th, 2017. The patches were also made available to users around the world as part of the September Security Update Bulletin, which was officially released on the 4th of this month. So if you re using an Android device, go over toSettings > About Device > System Updatesto check if your vendor has yet rolled out the September 2017 security patch for your device. If so, install it promptly to keep yourself and your Android device safe from BlueBorne.
If you re running any Linux distro on your PC or using a Linux kernel-based platform like Tizen on your IoT / connected devices, you might have to wait a tad longer for the fix to filter through because of the coordination required between the Linux kernel security team and the security teams of the various independent distros. If you have the requisite technical knowhow, though, you can patch and rebuild the BlueZ and the kernel yourself by going over going overhere for BlueZandhere for the kernel.
In the meantime, you can just disable Bluetooth completely on your system by following these simple steps:
- Blacklist the core Bluetooth modules
printf "install %s /bin/true\n" bnep bluetooth btusb >> /etc/modprobe.d/disable-bluetooth.con
- Disable and stop the Bluetooth service
systemctl disable bluetooth.service systemctl mask bluetooth.service systemctl stop bluetooth.service
- Remove the Bluetooth Modules
rmmod bnep rmmod bluetooth rmmod btusb
If you get error messages saying other modules are using these services, make sure to remove the active modules first before trying again.
SEE ALSO:What is Bluetooth Mesh Networking and How It Works?
BlueBorne: The Latest Security Threat That Endangers Billions of Bluetooth Devices
The Bluetooth Special Interest Group (SIG) has been increasingly focusing on security in recent times, and it s easy to see why. With the high privileges accorded to Bluetooth in all modern operating systems, vulnerabilities like BlueBorne can wreak havoc for millions of innocent and unsuspecting people around the world. What s really worrying security experts is the fact that BlueBorne happens to be an airborne threat, which means standard security measures, such as endpoint protection, mobile data management, firewalls and network security solutions are virtually helpless in front of it, seeing as they they are primarily designed to block attacks that happen over IP connections. While users don t have control over how and when the security patches are rolled out to their devices, just making sure you take the safeguards mentioned in the article should keep your connected devices reasonably safe for now. In any case, keeping your Bluetooth connection off while not in use is just a standard security practice that most tech savvy people follow anyways, so now is as good a time as any for the rest of the population to follow suit. So now that you ve got to know about BlueBorne, what are your thoughts on the subject? Do let us know in the comment section below, because we love hearing from you.