A cyber security firm, Armis has recently discovered a pool of as many as eight exploits known as BlueBorne. Through this vulnerability, an attacker can get hold of your phone without even physically approaching it. It’s not only that, with the help of the said security compromises anyone can hack your computers as well as IoT devices.
The CEO of Seguru, Ralph Echemendia stated:
“Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks”
He further said:
“BlueBorne affects pretty much every device we use. Turns that Bluetooth into a rotten black one. Don’t be surprised if you have to go see your security dentist on this one”
How Does BlueBorne Operate
The following video clearly indicates how the vector empowers the hacker to initially identify a device, connects it through Bluetooth and later securing the control of the screen and the apps.
The process begins by the discovery of a particular device to hack. It includes everything from coercing the device to provide the information about itself to the announcement of keys and passwords.
Thereafter, the hacker will implement a set of code which will eventually help in gaining full control of the device.
One of the researchers stated:
“This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering). Due to a flaw in the BNEP service, a hacker can trigger a surgical memory corruption, which is easy to exploit and enables him to run code on the device, effectively granting him complete control”
As soon as the hacker gets the access of a particular device, he starts to stream the data from the device in a ‘man-in-the-middle’ attack.
According to another researcher:
“The vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through the malicious network interface. This attack does not require any user interaction, authentication or pairing, making it practically invisible”
Which devices are vulnerable?
Essentially, iOS and Windows devices seem resilient against the attack. However, Android and Linux users which are still running an older version may be at risk. On the other hand, Google users will be receiving the patch very soon.
The ideal way to protect yourself from all these hacks is to keep your devices updated. Moreover, everyone needs to be wary of older IoT devices. BlueBorne may prove to be harmful for devices which are less popular.
In a statement, Armis wrote:
“New solutions are needed to address the new airborne attack vector, especially those that make air gapping irrelevant. Additionally, there will need to be more attention and research as new protocols are using for consumers and businesses alike. With the large number of desktop, mobile, and IoT devices only increasing, it is critical we can ensure these types of vulnerabilities are not exploited”
It’s time to update your device to avoid any mishap.