BlueBorne is an attack leveraging Bluetooth connections to penetrate and take control of targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set to discoverable mode. According to Google it “could enable a proximate attacker to execute arbitrary code within the context of a privileged process.”
- The attacker locates active Bluetooth connections around him or her. Devices can be identified even if they are not set to “discoverable” mode.
- The attacker obtains the device’s MAC address, which is a unique identifier of that specific device.
- By probing the device, the attacker can determine which operating system his victim is using, and adjust his exploit accordingly.
- The attacker will then exploit a vulnerability in the implementation of the Bluetooth protocol in the relevant platform and gain the access he needs to act on his malicious objective.
- The attacker can choose to:
  - Create a Man-in-The-Middle attack and control the device’s communication, or
  - Attempt to compromise the device and take full control of it.
How zIPS Helps
Zimperium customers benefit from zIPS’ risk assessment and active threat detection:
- Risk Assessment: For both iOS and Android, zIPS can identify which mobile devices are in compliance with the latest OS versions and security patches.
- Active Threat Detection:
  - Exploits Leveraging Bluetooth: zIPS can detect attacks that leverage BlueBorne to exploit devices directly. In these scenarios, zIPS monitors the system behavior and detects the effect of an attack regardless of its entry point (in this case Bluetooth). Once an attack is detected, zIPS notifies the security team with detailed forensics of the attack and will remediate the attack if permissions allow.
  - Exploits Within Bluetooth Stack: zLabs is creating exploit PoCs to confirm z9 detects attacks that occur completely within the Bluetooth communications stack. Additional communications will follow soon.
Additional Recommended Actions
Here are additional practices to protect devices against a Bluetooth attack like BlueBorne.
- Turn off Bluetooth until it's needed to perform a function or pair with a partner device.
- Update Your OS
  - iOS - Updating your OS with the most recent security patches reduces your chances of being vulnerable. If you are running iOS 10+ you are safe from the BlueBorne vulnerability.
  - Android - The latest Android security update indicates Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 are vulnerable via CVE-2017-0781. You will need to install updates as soon as they become available to you from your wireless carrier.
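The version guidance above can be applied to a device inventory to decide which devices need an update first. The following is an added example, not part of the original post or of Zimperium's tooling: the record fields, the `normalize`, `assess` and `triage` helpers and the sample inventory are constructed for illustration, and the 2017-09-01 patch-level cutoff is an assumption not stated on this page.

```python
from datetime import date

# Android releases this page lists as vulnerable via CVE-2017-0781.
VULNERABLE_ANDROID = {"4.4.4", "5.0.2", "5.1.1", "6.0", "6.0.1",
                      "7.0", "7.1.1", "7.1.2", "8.0"}
# Assumption (not stated on the page): the fix ships with the 2017-09-01
# Android security patch level. Adjust to match your vendor's bulletin.
FIXED_PATCH_LEVEL = date(2017, 9, 1)

def normalize(version):
    """Drop trailing '.0' components so '8.0.0' matches the listed '8.0'."""
    parts = version.strip().split(".")
    while len(parts) > 2 and parts[-1] == "0":
        parts.pop()
    return ".".join(parts)

def assess(device):
    """Return (status, reason) for one inventory record (a dict)."""
    platform = device["platform"].lower()
    version = normalize(device["os_version"])
    if platform == "ios":
        major = int(version.split(".")[0])
        if major >= 10:
            return "ok", "iOS 10+"
        return "vulnerable", "iOS below 10, update the OS"
    if platform == "android":
        if version not in VULNERABLE_ANDROID:
            return "review", "Android release not in the listed set"
        patch = device.get("security_patch")  # e.g. '2017-08-05'; may be absent
        if not patch:
            return "vulnerable", "listed release, no patch level reported"
        patched = date.fromisoformat(patch) >= FIXED_PATCH_LEVEL
        return ("ok" if patched else "vulnerable"), "listed release, patch level " + patch
    return "review", "unknown platform"

INVENTORY = [  # constructed sample records, not real devices
    {"id": "tab-01", "platform": "Android", "os_version": "7.1.1", "security_patch": "2017-08-05"},
    {"id": "ph-02", "platform": "Android", "os_version": "8.0.0", "security_patch": "2017-09-05"},
    {"id": "ph-03", "platform": "Android", "os_version": "5.1.1"},
    {"id": "ph-04", "platform": "iOS", "os_version": "9.3.5"},
    {"id": "ph-05", "platform": "iOS", "os_version": "10.3.3"},
]

def triage(inventory):
    return {d["id"]: assess(d)[0] for d in inventory}

if __name__ == "__main__":
    for d in INVENTORY:
        print(d["id"], *assess(d))
```

On Android, the release and patch level can be read from the `ro.build.version.release` and `ro.build.version.security_patch` system properties; older releases may not report a patch level, which the example treats as unpatched.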