Bluetooth flaws leave billions of devices open to attacks

Enlarge Image Armis Labs says more than 5 billion devices are vulnerable to attacks through newly discovered Bluetooth exploits.                  Josh Miller  CNET

Enlarge Image Armis Labs says more than 5 billion devices are vulnerable to attacks through newly discovered Bluetooth exploits. Josh Miller CNET

"With the large number of desktop, mobile, and IoT devices only increasing, it is critical we can ensure these types of vulnerabilities are not exploited", wrote Armis. Armis Labs explained that through improper validation, BlueBorne is able to manipulate Bluetooth's tethering feature to share and data and is able to spread data. The attacks, dubbed Blueborne, could allow for attackers and other malicious actors to gain access to the information and activity of Bluetooth-enabled devices.

More information on the attack can be found below. Malware exploiting the attack vector may be particularly virulent by passing peer-to-peer and jumping laterally, infecting adjacent devices when Bluetooth is switched on, said the researchers.

"Imagine WannaCry Blue", adds Michael Parker, Armis' head of marketing.

The BlueBorne vulnerabilities were discovered by internet of things (IoT) security firm Armis, which first responsibly reported the flaws to the impacted vendors, including Google, Microsoft and the Linux community. They held off on publishing their work in order to coordinate disclosure with the affected companies.

Apple said it had already fixed the issue with its release of iOS 10 a year ago; however, people running earlier versions of the software are vulnerable.

It said that its Windows phones were not impacted by the attack vector.

Get Data Sheet, Fortune's technology newsletter.

While waiting for the patch, users can disable Bluetooth to protect devices. Google is patching the problem for devices running Android 4.4.4 KitKat and later, which covers the vast majority of active Android devices. Google passed the patch onto partners in early August which means Nexus and Pixel devices with the latest updates are safe, but others will have to wait on OEMs to push the update. However, the company still warns users who are on older versions of iOS that they're at risk.

The BlueBorne attack vector has several stages. "The fact that all vendors have the same flaws does seem to indicate that there is need for further tightening in how the Bluetooth protocol is implemented".

"Bluetooth is complicated. Too complicated", the researchers write in their whitepaper discussing the attacks. The vulnerability found in Apple's Low Energy Audio Protocol (LEAP), which works on top of Bluetooth, enables a remote code execution attack that could allow an attacker to silently take over a device.

"These silent attacks are invisible to traditional security controls and procedures".

A single infected device moving through a busy office past dozens of people with phones, tablets, or computers with Bluetooth switched on could cause a rapid infection across networks - leading to network infiltration, ransomware attacks, or data theft. Armis' 40-person team is headquartered in Palo Alto, Calif. and Tel Aviv, and has raised $17 million in venture capital from investors such as Sequoia Capital and Tenaya Capital.

"The automatic connectivity of Bluetooth, combined with the fact that almost all devices have Bluetooth enabled by default, makes these vulnerabilities all the more serious and pervasive", researchers said.

The security firm also said that BlueBorne is based on the vulnerabilities found in the various implementations, and it's anxious that other vulnerabilities may exist on other Bluetooth-connected platforms that it hasn't yet tested.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.