ISU Information Security

BlueBorne: Bluetooth At Risk

Monday, November 13, 2017 09:38

Bluetooth is a wireless technology that allows for the exchange of data over short distances, and it has become something of a household name, as most of our mobile devices nowadays are capable of using it.  In fact, it is estimated that over 8.2 billion devices today use Bluetooth, making it the unquestionable standard for short-range communication protocols.  It would stand to reason that any technology this widespread would be especially attractive to attackers.  That is exactly the case with BlueBorne, the aptly named attack vector described by Armis Labs, the company responsible for its discovery.

BlueBorne leverages Bluetooth connections to penetrate and take complete control over targeted devices.  This vulnerability can affect any device that has Bluetooth capability, including desktops, laptops, phones, tablets and many more.  What’s most concerning about BlueBorne is that it doesn’t require your device to be paired with the attacker’s device.  It doesn’t even require you to be in discoverable mode.

Once exploited on a device, BlueBorne allows the attacker to do a multitude of different things, and they can do it remotely.  Not only can the attacker access all of the information on your device, including pictures and videos, but they can also take complete control of its hardware, such as the camera or display.

The inherent risk in Bluetooth itself is highlighted by this discovery. Bluetooth works in much the same way as any other network technology, except that it doesn’t have any security measures in place to protect devices using it.  There are no firewalls or routing involved with Bluetooth operations.  It connects one device directly to another, wirelessly. And for the most part, once you’re in, you’re in.  Granted, when two devices are paired the communication is encrypted, meaning only the two devices can read the information.

The most important thing to mention is how to check if you are vulnerable and what you can do to protect yourself.  The first thing you can do is be sure you are running the latest version of the mobile software on your device, such as Android or iOS.  If you are using a laptop or desktop, be sure your Bluetooth driver is up to date, as well as your operating system, such as Windows or macOS.  Unfortunately, that may not be enough to protect your device, as some manufacturers have yet to release updates to address BlueBorne.

Luckily, the company mentioned earlier, Armis Labs, has set up a website detailing every bit of information about BlueBorne you could hope to know, including a list of affected devices and appropriate patches.  They even have an example video of an attack on a mobile device.  For anyone curious about the true scope of BlueBorne’s capabilities, it is worth a watch.