Blueborne – A Widespread And Severe Mobile Threat

Blueborne bluetooth based attack vector

One of the security challenges we face in a wireless world is the wide range of ways our devices can connect. In the old days, if you wanted to access a computer, you’d either needed keyboard access or you needed a cable! All that’s changed in today’s mobile world.  Now our devices move around with us all the time. Even when they are in our possession, they are vulnerable to being hacked.  Every smart device contains multiple radios all of which represent potential attack surfaces. Insecure WiFi gets a lot of attention but your phone doesn’t just have WAN connectivity. It also has short range radios like Bluetooth and NFC. Cue Blueborne.

Blueborne

The recent announcement by security researchers at Armis Labs of a new Bluetooth based attack vector was a timely reminder that there are more ways to compromise a mobile device than through a malware download. Armis have dubbed the attack vector ‘BlueBorne’ and the vulnerability is both widespread and severe.  Over 8 billion devices including traditional computers, mobiles and IoT devices are potentially impacted. Hackers can leverage Bluetooth to penetrate and take complete control over targeted devices. What’s more, infection takes place without any end-user awareness or action. It’s enough for Bluetooth to be turned on for a device to be vulnerable.

How it works

An attack starts with a scan of nearby Bluetooth devices which checks what operating system they’re running.  Once this has been established an operating system specific exploit is executed to target the Blueborne vulnerabilities. The attacker has the choice to either control the device’s communications or to take full control of the device. In the latter case, the hacker could use this control, among other things, to eavesdrop on communications, exfiltrate sensitive data or execute a ransomware style attack.

Are my devices vulnerable?

The good news is that both Google and Apple have provided updates which eliminate the vulnerability. Any device running IOS 10 or 11 is protected i.e. 89% of Apple devices currently in use. The monthly Android security patch for September includes the necessary operating system changes to eliminate the Blueborne related vulnerabilities. Unfortunately, Android updates are slow to propagate. Android devices will remain vulnerable to the attack for at least a few months.

How Corrata helps

Corrata’s mobile threat defense solution provides you with a number of features that protect your enterprise against vulnerabilities such as Blueborne. Corrata monitors device activity for abnormal behavior. It provides early warning of device compromise as a result of zero-day attacks. Corrata monitors all communications to and from a device regardless of channel and can detect attempts to intercept device communication. Once a patch has become available, Corrata will let you know which of your devices have been patched and which remain vulnerable. Furthermore, Corrata makes it easy to quarantine compromised or vulnerable devices.