Published: Wed, September 13, 2017
Hi-Tech | By Ellis Neal

New Bluetooth vulnerability can be exploited to silently hack Android phones

Apple fixed the vulnerability for its devices with an update to iOS 10, which 89 percent of all iOS device users have updated to. Simply having Bluetooth turned on is enough for BlueBorne to work its malicious magic. "The vulnerabilities found in Wi-Fi chips affect only the peripherals of the device, and require another step to take control of the device". Now, researchers have devised an attack that uses the wireless technology to hack a wide range of devices, including those running Android, Linux, and, until a patch became available in July, Windows. "Because you can use Bluetooth to connect a mouse or keyboard to an Android device, now I can run it", Seri explained.

The folks over at Armis Labs have just revealed a new attack vector that targets unpatched Android, iOS, Windows, and Linux devices with Bluetooth enabled.

"With BlueBorne, attackers can gain full control right from the start", Armis warned.

Users who aren't expecting a patch for the BlueBorne attack on their devices (such as owners of older Android smartphones) would do best to disable Bluetooth and only enable it for a short time when needed, if at all. Such self-replicating exploits could quickly take over huge numbers of devices at conferences, sporting events, or in work places.

Security researchers have discovered eight vulnerabilities - codenamed collectively as BlueBorne - in the Bluetooth implementations used by over 5.3 billion devices. The researchers also told Gizmodo their takeover could spread, virus-like, from one infected device to the next, although they did not demonstrate this claim and leaping between different operating systems would be very complex.

Windows machines with Bluetooth are also at risk from a vulnerability that lets an attacker invisibly intercept or reroute wireless traffic by creating a malicious networking interface on the device.

Apart from these, Linux-based devices, Samsung TVs, and some drone models are also vulnerable to this attack.

The vulnerabilities were found in the Bluetooth implementations in Android, Microsoft, Linux and iOS versions pre-iOS 10.

"In theory, to be safe on these devices, Bluetooth needs to be disabled until a patch is applied", said Mark James, an expert at cybersecurity firm ESET. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here. "When exploits like these are found on technology that is integrated into nearly every device we use, it's a real concern". Again, these can be found even if the software isn't telling the device to be in discoverable mode.

Armis said that it first reported the vulnerabilities to Google, Microsoft and Linux in April and patches have now been released as part of vendors' regular scheduled updates. "This is why the vulnerabilities which comprise BlueBorne are based on the various implementations of the Bluetooth protocol, and are more prevalent and severe than those of recent years".

Armis said that it has seen two main issues with how platform vendors have implemented the Bluetooth protocol: either the platform vendors followed the implementation guidelines word for word, which has led to the same Bluetooth bug existing on both Android and Windows, or, in some areas, the Bluetooth specifications have left too much room for interpretation, which opened the possibility for multiple bugs to exist in various implementations.

"The research illustrates the types of threats facing us in this new connected age", said Dibrov.
