Enterprise IoT security company Armis this week announced a set of vulnerabilities, dubbed BlueBorne, that impact any connected device using Bluetooth. Nearly all devices with Bluetooth capabilities, including smartphones, TVs, laptops, watches, smart TVs, and even some automobile audio systems, are vulnerable to this attack. If exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a "man-in-the-middle" to gain access to critical data and networks without user interaction.

 Nearly all devices with Bluetooth capabilities, including smartphones, TVs, laptops, watches, smart TVs, and even some automobile audio systems, are vulnerable to this attack. If exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a "man-in-the-middle" to gain access to critical data and networks without user interaction.

 I spoke to Yann Leretaille, Co-Founder of 1aim, a Full-Stack AI building platform to learn more about how the attack came about. He explained:

"BlueBorne demonstrates the security risks of insecure low-level stack implementation. These stacks are a standard implementation of common protocols such as USB, WiFi, and Bluetooth. They are highly complex and written in C, a low-level language that doesn’t take into account safety features like modern programming languages do. When a company wants to use one of these protocols in a product like wireless headphones or a USB keyboard, they are not writing the stacks from scratch, but typically licensing them from the chip manufacturer. There are billions of different devices at the moment running on the same stacks, which means that everything is vulnerable to the exact same attack, from your smart coffee machine to your wireless mouse.

Even if you wanted to write your own stack, it would be a monumental effort, as the Bluetooth specification manual, for instance, is thousands of pages long and must be followed to the T. Because companies are forced to rely on this insecure pre-packaged code, it is difficult to secure a system that is built on these stacks."

The Breach Cannot Be Detected by Anti-Virus Software

Airborne attacks are particularly problematic because current endpoint protection, mobile data management, firewalls, and network security solutions are not designed to identify these kinds of vulnerabilities and associated exploits. 

They can also allow hackers to penetrate secure internal networks which are “air gapped,” meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure.

What's the Solution?

Security companies are at work on security solutions specifically designed to discover, profile, and sanction devices on or off the corporate network, as well as identify the connections they make, including device-to-device connections. The vulnerabilities have been patched by Google, Microsoft, and the Linux community, but it’s important to note that it is difficult for operating systems on connected devices to be updated. 

Leretaille suggests that the problem needs to be addressed at a device management level:

"We need to rethink how we implement stacks. Because they are on such a low level, they fly beneath the radar. We need to introduce new paradigms and best practices, move to modern, safe system programming languages like Rust, and conduct more security audits. It is inevitable that modern stack implementations will have bugs. But we have to ensure that if they fail, they do not lead to the same damage that we are seeing today with BlueBorne."

Armis Labs has released an official vulnerability tester app on the Play Store specifically designed to scan your device and see if it is vulnerable. It can also scan and locate devices that could be vulnerable to the BlueBorne attack vector. Simply use the screen of your mobile device as a viewfinder to scan your device or locate connected devices in your environment. The viewfinder will alert you if this device could be a carrier to a BlueBorne attack.