The IoT cybersecurity firm, Armis, has revealed eight vulnerabilities in the implementation of Bluetooth in several operating systems, including Android, Windows, Linux, and iOS, successful exploitation of which could allow hackers to take complete control of a device. Indeed, these are the most severe vulnerabilities found in Bluetooth in recent years and are worrying due to their ability to be spread over an air interface. They have been termed ‘The BlueBorne Vulnerabilities’.
Airborne attacks on mobile devices date back to the Cabir worm, an attack that presented the first proof of concept of a Bluetooth malware that was spread fast and wide, and even penetrated enclosed air-gapped networks.
The BlueBorne vulnerabilities are the result of a complex protocol which has been discarded and ignored by the research community for years, along with two common misconceptions regarding Bluetooth. The first misconception is that Bluetooth cannot be intercepted via the air, the second being that it always requires some sort of user interaction. The BlueBorne vulnerabilities prove both assumptions wrong as merely having Bluetooth on a device switched on renders it vulnerable to an attack.
What is crucial to understand here however is the sheer magnitude of this set of vulnerabilities. It is simply breathtaking; virtually any device with a Bluetooth interface is susceptible to at least one of BlueBorne’s vulnerability sets. Since the discovery of BlueBorne, all operating system manufactures have issued patches mitigating the vulnerabilities, and on iOS, the vulnerabilities only affect versions prior to iOS 10. On September 9th 2017, Google issued a security update for its Android users.
Check Point SandBlast Mobile however can protect mobile devices from this threat, both on iOS and Android, by helping to verify that mobile devices on your network are in compliance with the latest OS versions and security patches.
In addition, any active exploitation of the Android Bluetooth stack will be detected by SandBlast Mobile on device detection, giving you an extra layer of protection.
Here’s how to make sure you are protected:
In Settings->Policy Settings->Device, change to the following configuration: