The attack vector, dubbed BlueBorne, travels over the air and targets the Bluetooth interface. It does not require any user action such as pairing the devices. Because Bluetooth devices constantly look for new partners in the vicinity as soon as the service is activated, they are particularly vulnerable.
Airborne attacks unfortunately offer the attacker a number of possibilities. First, an airborne attack spreads far more contagiously and can be carried out with minimal effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect against airborne threats.
Bluetooth is a complex protocol and correspondingly difficult to implement, which makes it prone to two types of vulnerabilities. On the one hand, vendors are likely to follow the protocol's implementation guidelines word for word, which in turn means that a vulnerability found in one platform could affect others.
For this reason, the vulnerabilities that make up BlueBorne, which are rooted in the various implementations of the Bluetooth protocol, are more widespread and more severe than those of recent years. There is concern that the vulnerabilities found so far are only the tip of the iceberg and that the protocol implementations on other platforms may contain additional vulnerabilities.
The vulnerabilities disclosed by Armis affect all devices that run the Android, Linux and Windows operating systems and version 10 of iOS, regardless of the Bluetooth version used. This means that almost every computer, mobile device, smart TV or other IoT device running one of these operating systems is affected by at least one of the eight vulnerabilities.
How does the attack vector work?
The BlueBorne attack vector proceeds in several steps. First, the attacker locates active Bluetooth connections around him. Devices can be identified even if they are not set to discoverable mode. Next, the attacker obtains the MAC address of the device, which is a unique identifier of that specific device.
By probing the device, the attacker can determine which operating system his victim is using and adjust his exploit accordingly. The attacker then exploits a vulnerability in the implementation of the Bluetooth protocol on the relevant platform, which gives him the access he needs to pursue his malicious goal. At this point, the attacker can choose to mount a man-in-the-middle attack and control the device's communication, or take full control of the device and use it for a wide range of cybercriminal purposes.
Protection against BlueBorne attacks
Vulnerabilities that can spread over the air and between devices pose a huge threat to any organization or individual. Current security measures, including endpoint protection, mobile data management, firewalls, and network security solutions, are not designed to address these types of attacks and the related vulnerabilities and exploits, as their main purpose is to block attacks that spread over IP connections, not over Bluetooth connections.
At the moment, the only option is to deactivate Bluetooth and enable it only when necessary, for the period of use. It should be pointed out that any active Bluetooth connection offers an attack surface.
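
To check that advice on a Linux host, the following added example (not part of the original article) reports Bluetooth radios that are still live by reading the kernel's rfkill sysfs attributes. The function names and the sample tree are constructed for illustration, and the check covers Linux only, not the other affected platforms.

```shell
#!/bin/sh
# Added example: list Bluetooth radios that are still live on a Linux host,
# using the kernel's rfkill sysfs attributes (type, name, soft, hard).

# audit_bluetooth [root]
# Prints each Bluetooth radio that is neither soft- nor hard-blocked, sets
# BT_UNBLOCKED to their count, and returns 1 if any radio is live.
audit_bluetooth() {
    root="${1:-/sys/class/rfkill}"
    BT_UNBLOCKED=0
    for dev in "$root"/rfkill*; do
        [ -r "$dev/type" ] || continue                 # also skips an unmatched glob
        [ "$(cat "$dev/type")" = "bluetooth" ] || continue
        # An unreadable attribute is treated as "not blocked" so it gets reported.
        soft=$(cat "$dev/soft" 2>/dev/null || echo 0)  # 1 = blocked in software
        hard=$(cat "$dev/hard" 2>/dev/null || echo 0)  # 1 = blocked by hardware switch
        if [ "$soft" = "0" ] && [ "$hard" = "0" ]; then
            name=$(cat "$dev/name" 2>/dev/null || echo unknown)
            echo "bluetooth radio live: ${dev##*/} ($name)"
            BT_UNBLOCKED=$((BT_UNBLOCKED + 1))
        fi
    done
    [ "$BT_UNBLOCKED" -eq 0 ]
}

# make_sample_tree DIR
# Builds a constructed rfkill tree (not real host data): one live Bluetooth
# radio, one soft-blocked Bluetooth radio and one Wi-Fi radio.
make_sample_tree() {
    dir=$1
    i=0
    for spec in "bluetooth hci0 0 0" "bluetooth hci1 1 0" "wlan phy0 0 0"; do
        set -- $spec                                   # type name soft hard
        mkdir -p "$dir/rfkill$i"
        printf '%s\n' "$1" > "$dir/rfkill$i/type"
        printf '%s\n' "$2" > "$dir/rfkill$i/name"
        printf '%s\n' "$3" > "$dir/rfkill$i/soft"
        printf '%s\n' "$4" > "$dir/rfkill$i/hard"
        i=$((i + 1))
    done
}
```

Calling `audit_bluetooth` with no argument checks the live host; a radio it reports can be switched off with `rfkill block bluetooth` until it is actually needed.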