The folks over at Armis Labs has just revealed a new attack vector that targets unpatched Android, iOS, Windows, and Linux devices with Bluetooth enabled. The exploit has been named BlueBorne since it targets devices with Bluetooth connectivity and spread through the air (airborne) and attacks devices via said protocol. It is quite nasty as it is able to compromise the most popular operating systems and will infect all types of devices (smartphones, IoT, PCs, etc).
The BlueBorne attack doesn’t even require the victim to tap or click on any malicious links. If your device has Bluetooth and is on then it is possible for an attacker to take complete control of it from 32 feet away. This even works without the attacker pairing anything to the victim’s device and the target device doesn’t need to be set to discoverable mode either. The team at Armis Labs have identified eight zero-day vulnerabilities so far and believes many more are waiting to be discovered.
The BlueBorne vulnerability has several stages that first requires an attacker to identify devices which have Bluetooth connections around them. Again, these can be found even if the software isn’t telling the device to be in discoverable mode. The next step involves the attacker obtaining the target’s MAC address, and then they need to probe it to identify the operating system. Once that is known, the attacker can adjust their exploit and use it to create a Man-in-The-Middle attack and control the device’s communication, or take full control over the device.
You can watch a demo of this in action on Android in the video above. The team notified Google and Microsoft on April 19th, then contacted the Linux kernel security team multiple times throughout August and September. They attempted to get in touch with Samsung April, May, and June but were unable to receive any response. All Android smartphones, tablets and wearables (except those using only Bluetooth Low Energy) are affected, but Android’s September security update patches the vulnerabilities.