BlueBorne is the name that has been given to the latest mobile attack vector targeting various parts of the Bluetooth stack running on almost every smart device in the world. It is capable of remotely compromising major operating systems, including Android, iOS, Linux and Windows, allowing the attacker to take complete control over the targeted device.

Named BlueBorne because it is an airborne attack spreading via Bluetooth, it allows attackers to take control of nearby devices, access corporate data, penetrate internal secure networks, and spread malware across connected devices.
BlueBorne poses as a device that wants to connect over Bluetooth and the exploit happens before the connection attempt triggers a notification on the targeted device.
Furthermore, unlike traditional malware and common attack methods, the user does not have to click on a link or download a questionable file, so it is possible that the attack goes unnoticed.

Which devices are affected by BlueBorne?

  • All Android phones, tablets, and wearables of all versions are affected by four vulnerabilities found in the Android operating system. Two of these allow remote code execution, one results in an information leak, and the last allows an attacker to perform a Man-in-the-Middle attack.
  • All iPhone, iPad and iPod touch devices with iOS 9.3.5 and older are affected by the remote code execution vulnerability.
  • All Windows 10 Mobile devices are affected by the “Bluetooth Pineapple” vulnerability, which allows an attacker to perform a Man-in-the-Middle attack.

The rise of wireless vulnerabilities

Vulnerabilities as widespread as BlueBorne are rare. Apple and Google spend a lot of money securing their mobile operating systems and paying bounties for uncovering vulnerabilities in their software. However, for certain functionality they need to adopt components sourced from third-party companies, whose code they do not fully control.
We saw an example of this recently with the Broadcom chip vulnerability dubbed Broadpwn. This vulnerability, affecting billions of iOS and Android devices, would have allowed a hacker who comes within Wi-Fi range of a target not only to hack a victim’s phone, but also to turn it into a rogue access point that would in turn infect nearby phones, spreading quickly from one device to the next.
Further back in time, there was another wireless vulnerability, this time with AirDrop in iOS 9, which could be exploited to compromise a victim’s Apple device. The attack could take place when a hacker is in range of an AirDrop user, fooling their operating system into accepting a fraudulent certificate and bypassing built-in security to install malware.

What can you do to stay safe?

Users are advised to turn off Bluetooth when it’s not being used and upgrade devices to the latest operating system version where security patches have been applied. Our recommendation is for businesses to have an active mobile security service deployed.
Wandera protects against this threat in the following ways:

  • Detects exploits attempting privilege escalation similar to the one taking place through CVE-2017-0781
  • Blocks Command and Control Servers that will be used to remotely control a botnet of devices infected through this new attack vector
  • Identifies MitM attacks enabled through CVE-2017-0783 and CVE-2017-8628 by using proprietary algorithms
  • Highlights outdated OS versions vulnerable to BlueBorne
  • Includes Android Security Patch level on each device’s security posture assessment
