In April 2017, The Automated Reporting Management Information System (ARMIS) contacted Microsoft, Apple, Samsung, and Linux to report eight zero-day vulnerabilities related to connections via Bluetooth, designated as Blueborne.
Blueborne endangers millions of unpatched devices by spreading through the air, across a wide variety of platforms: mobile, desktop, and IoT operating systems which includes Android, iOS, Windows, Linux; and all related devices that use these operating systems.
Blueborne is a vulnerability by which attackers take advantage of Bluetooth connections to remotely control a device. The attack itself does not require the attacker's device to be paired with the target device, or require it to be in a discoverable state. It does, however, require the attacker to be within proximity of the device for the initial connection.
Using Man-in-the-middle attacks, the attacker will secretly intercept communication between a Bluetooth device and its intended paired device, allowing for the modification of the traffic before it arrives to one device or another.
For example, suppose Jack and Tom are trying to relay important information to each other via email and want to make sure that their communications cannot be read by third-parties.
Tom decides to setup a secure site that only Jack, and Tom can access. Jack messages Tom asking for his login credentials to the site, which is intercepted by Alex—an attacker, who then relays that message to Tom. Tom responds with the requested credentials, which are again intercepted by Alex.
Alex adjusts the credentials to go to a site he controls and sends them back to Jack. Jack uses those modified credentials unwittingly and sends a secure message to who he believes is Tom, asking for Tom to meet him at the local restaurant to drop-off an important package. Alex uses this information, and uses Jack's intended credentials to tell Tom to instead meet down by the river to drop-off the package.
Tom goes to the river, and is robbed of the package, while Jack ends up at the restaurant wondering what happened to Tom.
By spreading through the air, Blueborne takes advantage of the weakest spot in a network's defense, allowing it to spread from device to device. This makes the vulnerability incredibly infectious. As it spreads, it allows for the exploitation of high-level functions of an operating system, essentially giving an attacker full control over a device and its communications.
The attacker can then use these devices for cyber espionage, data theft, creating botnets, or to spread ransomware through a network.
ARMIS disclosed the threat to manufacturers and vendors to allow for a response of the vulnerabilities, before releasing the information to the public in September of 2017. This gave most manufacturers enough time to implement a patch to protect devices against the vulnerability.
The best way to protect your machine against vulnerabilities is to make sure that your device is always up-to-date; running updates on your devices as soon as they become available.
If you are using a device that is no longer supported by the manufacturer, the recommended fix would be to completely turn off Bluetooth when it is not being used. Users should be especially wary of using Bluetooth in public places: airports, coffee shops, parks, etc.
Replacing devices with newer, supported hardware will always be the best way to protect your personal and private information.
The Blueborne vulnerability is a good example of why having your devices secured is an important step to take in protecting your personal information. Some other, quick steps you can take to improve security on your devices are:
Security can often be an inconvenience due to the added steps of accessing your devices. Your personal information is not worth those few extra seconds of using your device. Your identity, banking information, medical information can be at risk on unsecured, and unpatched devices.
Your information is worth the added time and security.