Since this is a hot-topic this week, I'm looking for a canonical answer:

  • What is the BlueBorne Bluetooth vulnerability?
  • How to protect myself?
Mike Ounsworth
Personally, I find the ["official" documentation](https://www.armis.com/blueborne/) of BlueBorne pretty extensive and thorough. Not sure what we can add here. – Arminius Sep 15 '17 at 12:38

2 Answers

These are my condensed notes of the official BlueBorne documentation page published by Armis Labs.


General Overview

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices.

By spreading through the air, the BlueBorne attack vector surpasses the capabilities of most attack vectors by penetrating secure “air-gapped” networks which are disconnected from any other network, including the internet.

The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active. Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with.


BlueBorne Explained: How The Attack Vector Works

The BlueBorne attack vector has several stages. First, the attacker locates active Bluetooth connections around him or her. Devices can be identified even if they are not set to “discoverable” mode. Next, the attacker obtains the device’s MAC address, which is a unique identifier of that specific device. By probing the device, the attacker can determine which operating system his victim is using, and adjust his exploit accordingly. The attacker will then exploit a vulnerability in the implementation of the Bluetooth protocol in the relevant platform.

The final stage of the attack exploits implementation flaws in each major OS's Bluetooth stack. The linked page lists 7 CVEs for the Bluetooth stacks of Android, Linux and Windows, and mentions that iOS had similar vulnerabilities that were patched in iOS 10. These include buffer overflows, remote code executions, and man-in-the-middle vulnerabilities. From the vulnerabilities listed, it seems that Android and Linux are easier targets than Windows or iOS. The reason these lead to full system compromise is that:

> the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device


How to protect yourself

The standard answer is to disable bluetooth on all your devices immediately and wait for an appropriate OS patch (except for devices running iOS 10+, which are supposedly fine).

However, things like your car stereo or your Bluetooth printer will probably never receive a patch. Even the majority of Android phones probably won't ever get patched: Google only supports its own flagship Nexus devices for 18 months, and beyond that, even if Google does release a patch for a supported device, it's usually up to your mobile carrier to push the update, and most don't.

Alas, the real answer is probably: wait until this gets fixed in mainstream Android, then buy a new device.

Mike Ounsworth
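The answer's key point is that "not discoverable" is not a mitigation; only a radio that is actually off stops incoming connections. As an added example (not part of the original answer), here is a POSIX shell check for Linux hosts that reads the rfkill block state of every Bluetooth adapter; it assumes util-linux `rfkill` is installed, and the parser is driven by constructed sample output so it also runs where `rfkill` is absent.

```shell
#!/bin/sh
# Added example, not from the original answer. Distinguishes "Bluetooth radio
# blocked via rfkill" (the answer's mitigation) from "adapter merely not
# discoverable" (no protection at all against unsolicited connections).

# Parse `rfkill list` output from stdin. Prints:
#   blocked   - every Bluetooth adapter is soft- or hard-blocked
#   unblocked - at least one Bluetooth adapter is still live
#   none      - no Bluetooth adapter listed
bt_state_from_rfkill() {
    awk '
        /^[0-9]+: / {                      # "1: hci0: Bluetooth" header line
            in_bt = ($0 ~ /[Bb]luetooth/)
            if (in_bt) { n++; soft = ""; hard = "" }
            next
        }
        in_bt && /Soft blocked:/ { soft = $3 }
        in_bt && /Hard blocked:/ {
            hard = $3
            if (soft == "no" && hard == "no") live++   # radio is on
        }
        END {
            if (n == 0) print "none"
            else if (live > 0) print "unblocked"
            else print "blocked"
        }'
}

# Live check on the current host (assumes util-linux rfkill is present).
bt_state() {
    command -v rfkill >/dev/null 2>&1 || { echo "rfkill-missing"; return 2; }
    rfkill list | bt_state_from_rfkill
}

# Constructed sample output: Wi-Fi radio plus a Bluetooth adapter that has
# only been set non-discoverable, i.e. still unblocked (the risky state).
SAMPLE_LIVE='0: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
1: hci0: Bluetooth
    Soft blocked: no
    Hard blocked: no'

# Constructed sample after `rfkill block bluetooth` (the mitigation).
SAMPLE_BLOCKED='1: hci0: Bluetooth
    Soft blocked: yes
    Hard blocked: no'

check_sample() { printf '%s\n' "$1" | bt_state_from_rfkill; }
```

On a real host, `bt_state` reporting `unblocked` means the radio is still accepting connections regardless of the discoverable setting; `rfkill block bluetooth` is the command that moves it to `blocked`.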
According to Armis Lab: BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.

As for protection:

1. Turn off Bluetooth, and
2. Update your device.