"These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date and can enable a complete takeover of the target device", experts asserted. The attack is also invisible to users, and worst of all, it can start spreading from device to device on its own. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure "air-gapped" networks, and spread malware laterally to adjacent devices. And, though the attacks require close proximity to a vulnerable device, no interaction with a victim is needed, said the researchers.
"This works similarly to the two less extensive vulnerabilities discovered recently in a Broadcom Wi-Fi chip by Project Zero and Exodus". Customers, including Samsung Research America and IDT Corporation, trust Armis' agentless IoT security platform to see and control any device or network. "This can endanger industrial systems, government agencies, and critical infrastructure".
Part of the blame for these flaws falls on how device makers have implemented the overly complex Bluetooth protocol across devices over the years, which is where numerous weak spots are found. But since the exploit is so different from the typical attack vector, users wouldn't even be alerted if their device gets compromised, leading to a hypothetical nightmare scenario wherein a user spreads the "infection" to vulnerable phones and tablets simply by walking in their vicinity.
It's thought to be the most wide-scale set of vulnerabilities based on the number of devices affected. With so many uses, the Bluetooth protocol also offers some sweet opportunities to criminal hackers.
The root cause behind the multiple vulnerabilities is an overly complex Bluetooth specification that spans 2822 pages.
But beyond the compromise of a single device, there are many concerns, especially about how easily this malware could spread.
"The BlueBorne attack vector has several qualities which can have a devastating effect when combined," Armis said in a blog post. It spreads locally over the air via Bluetooth.
Adding to the increasing potential for attack is the fact that just about every electronic device includes support for Bluetooth connectivity.
Armis, which has a commercial stake in the IoT security space, warned that the attack vector can be exploited silently.
Another security flaw would allow a threat actor to carry out a man-in-the-middle style attack, giving them the ability to intercept data and communications between Bluetooth-enabled devices.
Windows and iOS phones are protected and Google users are receiving a patch today.
A set of previously unknown security vulnerabilities in Bluetooth technology reportedly left billions of devices at risk of hacking, a team of internet-of-things (IoT) researchers has said.
Armis Labs argued that current security measures such as endpoint protection, mobile data management, firewalls, and network security solutions are not created to deal with airborne attacks, because their main focus is to block attacks that happen over IP connections. Android, by contrast, does use ASLR, but Armis was able to bypass the protection by exploiting a separate vulnerability in the Android implementation of Bluetooth that leaks memory locations where key processes are running.
Apple, Google and Microsoft have all released patches for BlueBorne, with Apple confirming that it doesn't affect devices on iOS 10 or later.