Eight Bluetooth-related vulnerabilities (four that are critical) affecting over 5 billion Android, Windows and Linux devices could allow attackers to take control of devices, access corporate data and networks, and easily spread malware to other devices
PALO ALTO, California, Sept. 12, 2017 — Armis, the enterprise IoT security company, today announced the discovery of a set of zero-day Bluetooth-related vulnerabilities affecting billions of devices in use today dubbed, “BlueBorne.”
Nearly all devices with Bluetooth capabilities, including smartphones, TVs, laptops, watches, smart TVs, and even some automobile audio systems, are vulnerable to this attack. If exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a “man-in-the-middle” to gain access to critical data and networks without user interaction.
The vulnerabilities were found in the Bluetooth implementations in Android, Microsoft, Linux and iOS versions pre-iOS 10. Armis reported the vulnerabilities to Google, Microsoft, and the Linux community. Google and Microsoft are releasing updates and patches on Tuesday, September 12. Others are preparing patches that are in various stages of being released.
These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date. Previously identified flaws found in Bluetooth were primarily at the protocol level. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device.
These proximity-based network vulnerabilities could allow attackers to create broad malware infections that could spread from one infected device to many others by wirelessly connecting to other devices over Bluetooth. The device-to-device connectivity nature of Bluetooth means an airborne (or “BlueBorne”) attack could easily spread without any action required by a user.
“These silent attacks are invisible to traditional security controls and procedures. Companies don’t monitor these types of device-to-device connections in their environment, so they can’t see these attacks or stop them,” said Yevgeny Dibrov, CEO of Armis. “The research illustrates the types of threats facing us in this new connected age.”
There are two specific methods attackers could use with exploit code. They could:
Connect to the target device in an undetected manner, then remotely execute code on that device. This would allow the attacker to take full control of a system, up to and including leveraging the device to gain access to corporate networks, systems, and data.
Conduct a Man-in-the-Middle attack — effectively creating a Bluetooth Pineapple — to sniff traffic being sent between Bluetooth-enabled devices or spoof a legitimate Bluetooth device and hijack the connection and redirect traffic. This would enable attackers to download malware to devices and take complete control of them. This attack would not require additional hardware, as it uses the Bluetooth connection on the device against the device itself.
The automatic connectivity of Bluetooth, combined with the fact that nearly all devices have Bluetooth enabled by default, makes these vulnerabilities all the more serious and pervasive. Once a device is infected with malware, it can then easily broadcast the malware to other Bluetooth-enabled devices in its vicinity, either inside an office or in more public locations.
While waiting for the patch, users can disable Bluetooth to protect devices.
For additional information, please visit armis.com/blueborne.
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust our unique out-of-band sensing technology to discover and analyze all managed, unmanaged, and IoT devices—from traditional devices like laptops and smartphones to new unmanaged smart devices like smart TVs, webcams, printers, HVAC systems, industrial robots, medical devices and more. Armis discovers devices on and off the network, continuously analyzes endpoint behavior to identify risks and attacks, and protects critical information and systems by identifying suspicious or malicious devices and quarantining them. Armis is a privately held company and headquartered in Palo Alto, California. Follow us on Twitter, LinkedIn and Facebook.
About Bain Capital Ventures
Bain Capital Ventures partners with disruptive founders to accelerate their ideas to market. The firm invests from seed to growth in startups driving transformation across industries, from security and cloud infrastructure to logistics and e-commerce to finance and healthcare. The firm has helped launch and commercialize more than 240 companies, including DocuSign, Jet.com, Kiva Systems, Lime, LinkedIn, Rapid7, Redis Labs, Rent the Runway, Rubrik, SendGrid and SurveyMonkey. Bain Capital Ventures has $5.2 billion in assets under management with offices in San Francisco, New York, Boston and Palo Alto. Follow the firm via LinkedIn and Twitter.