{"id":9606,"date":"2017-09-29T08:10:49","date_gmt":"2017-09-29T16:10:49","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/29\/news-3379\/"},"modified":"2017-09-29T08:10:49","modified_gmt":"2017-09-29T16:10:49","slug":"news-3379","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/09\/29\/news-3379\/","title":{"rendered":"BlueBorne \u2013 Bluetooth&#8217;s airborne influenza"},"content":{"rendered":"<p><strong>Credit to Author: Nathan Collier| Date: Fri, 29 Sep 2017 15:00:11 +0000<\/strong><\/p>\n<p>Armis Labs has discovered a new attack vector that targets any device that has Bluetooth capability. This includes mobile, desktop, and IoT \u2014 roughly accounting for <a href=\"https:\/\/www.bluetooth.com\/what-is-bluetooth-technology\/where-to-find-it\" target=\"_blank\" rel=\"noopener\">8.2 billion devices<\/a>. All operating systems are susceptible \u2014 Android, iOS, Windows, and Linux. Dubbed <a href=\"https:\/\/www.armis.com\/blueborne\/\" target=\"_blank\" rel=\"noopener\">BlueBorne<\/a>, it exposes\u00a0<a href=\"https:\/\/www.kb.cert.org\/vuls\/id\/240311\" target=\"_blank\" rel=\"noopener\">several vulnerabilities<\/a>\u00a0in the Bluetooth technology. These vulnerabilities open up the potential to perform an array of malicious attacks. Some of these, as stated by Armis, are as follows:<\/p>\n<ul>\n<li>Take control of devices<\/li>\n<li>Access corporate data and networks<\/li>\n<li>Break into secure networks that use <em><a href=\"https:\/\/en.wikipedia.org\/wiki\/Air_gap_(networking)\" target=\"_blank\" rel=\"noopener\">air gap<\/a><\/em> security measures<\/li>\n<li>Spread malware to devices that are in range of an infected device<\/li>\n<\/ul>\n<p>BlueBorne does not require Bluetooth devices to be paired to other devices to be exploited. 
Even worse, devices are susceptible even when Bluetooth is in non-discoverable mode.<\/p>\n<h3>The ease of exploitation<\/h3>\n<p>What exactly does it take to exploit these new-found Bluetooth vulnerabilities? As noted in the <a href=\"http:\/\/go.armis.com\/hubfs\/BlueBorne%20Technical%20White%20Paper-1.pdf?t=1505950263370\" target=\"_blank\" rel=\"noopener\">Armis Labs BlueBorne whitepaper<\/a>, the first step is to steal the BD_ADDR (Bluetooth Device address). This is a hardcoded 48-bit <a href=\"https:\/\/en.wikipedia.org\/wiki\/MAC_address\" target=\"_blank\" rel=\"noopener\">MAC address<\/a>\u00a0of the Bluetooth device. Stealing the BD_ADDR of the Bluetooth device, especially when it is set to non-discoverable, used to be considered a feat.\u00a0 With the introduction of new Bluetooth \u201csniffing\u201d hardware, this has become a lot easier. One such device is the open source hardware <a href=\"https:\/\/github.com\/greatscottgadgets\/ubertooth\/\" target=\"_blank\" rel=\"noopener\">Ubertooth<\/a>, which plugs into a USB port of a computer.\u00a0 Simply be within range with the Ubertooth plugged in, and it will grab any Bluetooth traffic from the air. With the help of some other monitoring tools to analyze the traffic \u2014 voil\u00e0 \u2014 you have BD_ADDRs.<\/p>\n<h3>Spreading malware via Bluetooth<\/h3>\n<p>One of the more intriguing attacks is the potential to propagate malware using BlueBorne vulnerabilities. More specifically, through mobile devices.<\/p>\n<p>The only way I could hypothesize this happening is through an attack using a list of collected BD_ADDRs and then creating a malicious app which scans for those addresses. Any device within range on the list becomes a target. Using the BlueBorne vulnerabilities to propagate itself, the malicious app transfers to the target device. 
Keep in mind the user of the target device would need to\u00a0accept installing the malicious app as well.<\/p>\n<p>All this isn&#8217;t impossible, but unlikely with the limitation of requiring a list of\u00a0BD_ADDRs. Now if a mobile device could steal BD_ADDRs for itself \u2014 which it can\u2019t at this point \u2014 then we should start worrying.<\/p>\n<h3>So how bad is it?<\/h3>\n<p>The work done by Armis Labs to present the BlueBorne vulnerabilities is extremely valuable to the security industry. It highlights the need for improved Bluetooth security. I applaud them for their hard work in this endeavor.<\/p>\n<p>The introduction of sniffing hardware like Ubertooth and the creation of other open-source tools to analyze the collected traffic like <a href=\"https:\/\/www.patreon.com\/kismetwireless\" target=\"_blank\" rel=\"noopener\">Kismet<\/a> have taken down the toughest barrier for hackers \u2014 collecting the BD_ADDR. With this exposure, I agree with Armis Labs&#8217; prediction \u2014 we will continue to see more Bluetooth vulnerabilities arise.<\/p>\n<p>The requirement of having to be within Bluetooth range creates a limitation to BlueBorne. I believe this limitation will isolate it to more targeted attacks \u2014 most likely against specific companies.\u00a0 In this scenario, a spear phishing attack would be much easier to carry out and wouldn\u2019t require being physically within Bluetooth range. Therefore, I\u2019m skeptical that we will see BlueBorne implemented in a real-world attack.<\/p>\n<h3>Disabling Bluetooth<\/h3>\n<p>Bluetooth, by default, is enabled. If you don\u2019t use Bluetooth i.e. you don\u2019t have any devices paired, it&#8217;s best to disable it. If you do use your Bluetooth, disabling it when not in use is the most secure option against BlueBorne. However, many use their mobile devices to pair with their vehicle\u2019s handsfree unit. 
Ideally, remembering to enable\/disable Bluetooth depending on whether you&#8217;re driving or not is the best option. Not as ideal and more likely, you will forget to enable Bluetooth before starting to drive \u2014 myself included. Therefore, you have to weigh what is more of a threat. A BlueBorne attack or looking at your phone to enable Bluetooth WHILE driving? Just something to think about.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/blueborne-bluetooths-airborne-influenza\/\">BlueBorne \u2013 Bluetooth&#8217;s airborne influenza<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/blueborne-bluetooths-airborne-influenza\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Nathan Collier| Date: Fri, 29 Sep 2017 15:00:11 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/blueborne-bluetooths-airborne-influenza\/' title='BlueBorne \u2013 Bluetooth's airborne influenza'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/Bluetooth.png' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>Armis Labs has discovered a new attack vector that targets any device that has Bluetooth capability.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/exploits\/\" rel=\"category tag\">Exploits<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/android\/\" rel=\"tag\">Android<\/a><a 
href=\"https:\/\/blog.malwarebytes.com\/tag\/armis-labs\/\" rel=\"tag\">Armis Labs<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/blueborne\/\" rel=\"tag\">blueborne<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/bluetooth\/\" rel=\"tag\">bluetooth<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mobile\/\" rel=\"tag\">Mobile<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ubertooth\/\" rel=\"tag\">Ubertooth<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/blueborne-bluetooths-airborne-influenza\/' title='BlueBorne \u2013 Bluetooth's airborne influenza'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/blueborne-bluetooths-airborne-influenza\/\">BlueBorne \u2013 Bluetooth&#8217;s airborne influenza<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10462,15274,15275,11472,4503,10987,10554,15276],"class_list":["post-9606","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-android","tag-armis-labs","tag-blueborne","tag-bluetooth","tag-cybercrime","tag-exploits","tag-mobile","tag-ubertooth"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9606"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9606\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9606"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}