This past weekend, Armis researchers Ben Seri and Gregory Vishnepolsky presented a detailed explanation of the Android Remote Code Execution vulnerabilities related to the BlueBorne attack vector at the Hacktivity conference. This presentation included new information regarding the vulnerability, as well as the exploit code itself.
Armis has now released a white paper that elaborates upon the Android RCE vulnerability and its exploitation, which are part of the BlueBorne attack vector revealed in September 2017. BlueBorne is an attack vector by which attackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. Armis has identified 8 vulnerabilities related to this attack vector, affecting four operating systems: Windows, iOS, Linux, and Android. Following Armis' discoveries, Google has issued a patch to the Bluetooth stack in Android's codebase (AOSP). This post contains additional details that were not included in the BlueBorne white paper and unveils the exploit source code. To fully understand the underlying facilities that allow exploitation of the Android vulnerabilities, we strongly suggest reading the full technical white paper, especially the following sections: Demystifying Discoverability, SMP, SDP and BNEP.
Future publications will explore in detail the BlueBorne vulnerabilities on Linux and the "Bluetooth Pineapple" attack, which affects both Android and Windows devices.