Security company Armis, identified a new vulnerability in computers and mobile devices that leaves them susceptible to attack via Bluetooth.
The exploit, dubbed “BlueBorne,” can be exploited without users having to click on a link or download a questionable file – in fact, no action by the user is required to perform the attack. Also, attacks exploiting them spread through the air, so it’s difficult to detect them and are highly contagious. Users will also not be able to detect whether they are being hit with a BlueBorne attack.
Armis previously alerted most affected parties back in April, but as of today, it’s mostly Android devices that remain vulnerable to attack. As Armis noted in its BlueBorne info page, Apple’s iOS beyond version 9.3.5 are vulnerable, but that vector was ironed out in iOS 10. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here. Google’s Android, however, is spread across so much hardware that the onus to update falls on third-party manufacturers, who might not patch out the vulnerability in time. For its part, Google released protective patches for Nougat (7.0) and Marshmallow (6.0) as part of its September security update.
The other wildcard here: Linux-based devices. Armis informed Linux device operators of the vulnerability very late (last month, as opposed to back in April when it divulged to the other mobile OS providers). Accordingly, Armis wasn’t aware of patches for Linux operating systems, meaning anything running BlueZ are vulnerable to one of the vectors, while those with Linux version 3.3-rc1 can be attacked by another. This includes Samsung’s Gear S3 smartwatch, its smart TVs and family hub.
Armis, identified the following security flaws:
- Linux kernel RCE vulnerability – CVE-2017-1000251
- Linux Bluetooth stack (BlueZ) information leak vulnerability – CVE-2017-1000250
- Android information leak vulnerability – CVE-2017-0785
- Android RCE vulnerability #1 – CVE-2017-0781
- Android RCE vulnerability #2 – CVE-2017-0782
- The Bluetooth Pineapple in Android – Logical Flaw – CVE-2017-0783
- The Bluetooth Pineapple in Windows – Logical Flaw – CVE-2017-8628
- Apple Low Energy Audio Protocol RCE vulnerability – CVE-2017-14315
More technical details about each can be found in this paper.