September 29, 2017 | By Chris M. Roberts & Stone Tillotson
Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. Named “BlueBorne,” the vector spreads through the air and attacks devices via Bluetooth. It comprises eight related zero-day vulnerabilities, four of which are critical. BlueBorne allows attackers to take full control of devices and spread malware laterally to adjacent devices.
IISP Analyst Chris M. Roberts: "This discovery of multiple vulnerabilities within Bluetooth is a major problem for a number of reasons. To begin with, the sheer number of Bluetooth devices in use today exceeds 8 billion (yes, BILLION with a ‘B’) which results in an absurdly large attack surface that would need to be patched to remove these vulnerabilities. Secondly, the attack is powerful because the vulnerabilities don’t rely on a target device to be in discovery mode or to be paired with the attack device; they also don’t rely on the users to mistakenly activate the exploit. The only way to prevent a vulnerable device from being attacked is to turn off Bluetooth altogether, something many aren’t willing to do.
Vulnerabilities as serious as this should cause a lot of concern. Bluetooth has long been trusted in preventing unauthorized communications and encrypting data being shared between devices. Both of those assumptions are no longer accurate. It’s unlikely that all your Bluetooth devices will ever have patches developed to prevent these attacks, which opens up another discussion: Should companies be liable if they don’t produce a patch for their devices and users are attacked, or is it the user’s responsibility to stop using the device?"
IISP Analyst Stone Tillotson: "BlueBorne should be distinguished from singular, cohesive exploits like Heartbleed, since it represents a collection of problems in common Bluetooth implementations. While the researchers point to overly complex Bluetooth stacks as the culprit, and while it is certainly contributory, to this researcher's eyes, none of the newly described flaws depart from common attack vectors. Most of the flaws center on buffer overflow conditions or equivalent, with two sections devoted to a replay of the WiFi Pineapple attack vector on Bluetooth. None of this is intended to diminish the achievements of the Armis team, but only to point out that developers and protocol designers should have been well aware of, and actively looking for, these problems. Fortunately, of the ones found, many should be straightforward to fix or mitigate. The tragedy here though, and of the compromises in the wild we're soon to see, is that much of this was foreseeable and experience was not used as a guide."
For further reading: https://www.armis.com/blueborne/