BlueBorne Attack Highlights Flaws in Linux, IoT Security

Published: 22/11/2024   Category: security




Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.



Popular consumer smart products, including Amazon Echo, Google Home, and Samsung's Gear S3, are dangerously exposed to airborne cyberattacks conducted via Bluetooth.
Researchers at IoT security firm Armis earlier this year discovered BlueBorne, a new group of airborne attacks. The vulnerabilities let attackers take full control of any device running Linux, or an OS derived from Linux, putting the majority of IoT devices at risk of exposure. The researchers discussed and demonstrated their latest findings at Black Hat Europe 2017, held last week in London.
Vulnerabilities in the Bluetooth stack have been overlooked for the past decade, they explained. Bluetooth, often perceived as peripheral, could benefit attackers if they successfully break into a high-privilege device. As the researchers demonstrated, one compromised product can spread its attack over the air to other devices within Bluetooth range.
"These attacks don't require any user interaction or any authentication," said Armis head researcher Ben Seri in their presentation. Armis experts found 5.3 billion devices at risk and eight vulnerabilities, four of which were classified as critical. These flaws enable attackers to bypass and break into a device without its owner knowing what happened, he explained.
"Each vulnerability across the Bluetooth stack is a testament to the fact that no specific part is vulnerable, but Bluetooth implementations have not been audited enough," he continued. In general, these implementations are complex and unexamined.
"Bluetooth has a large attack surface," Armis researcher Gregory Vishnepolsky said. When Bluetooth is enabled, a device may not be discoverable but it is always listening for incoming connections. Hackers don't need a device to be discoverable in order to break in, he noted.
Bluetooth devices transmit parts of their MAC addresses over the air. If an attacker is close enough to sniff radio traffic between two communicating Bluetooth devices, they can get 80% of the address from a single packet and brute-force the rest. Open-source hardware tools can do this for as little as $100, he said. Attackers put these devices on networks to listen for packets.
Many OEMs use adjacent MAC addresses for wifi and Bluetooth. Wifi monitor mode detects nearby Bluetooth devices. Seri explained how L2CAP, the Bluetooth equivalent of TCP, is implemented in the kernel. Connecting to an open port doesn't require authentication, and further, many obscure quality of service features increase the amount of code and, as a result, the attack surface.
To illustrate the vulnerability of Bluetooth, the researchers presented examples of everyday devices that can be compromised. One was the Amazon Echo, which is not equipped with the expected stack overflow mitigations: KASLR, stack canaries, FORTIFY_SOURCE, NX bit, or access control. With no NX bit, for example, an attacker can overflow the stack and jump straight to shellcode placed on it.
The researchers did a live demo in which they hacked a Samsung S3 Gear smartwatch, which over Bluetooth hacked a Google Home, which used a Bluetooth connection to break into the Amazon Echo.
"No security mechanisms today are actually looking at Bluetooth communications or non-wifi protocols," they explained. "This needs to be fixed."
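
The userspace mitigations listed as missing on the Amazon Echo can be audited on a firmware binary before it ships. The following is an added example, not code from Armis or the original article: it reads ELF headers for NX (`PT_GNU_STACK`) and PIE and uses symbol-name heuristics for stack canaries and FORTIFY_SOURCE; KASLR is a kernel property and is not covered. The names `audit_elf` and `make_sample` and both sample images are constructed for illustration.

```python
import re
import struct

PT_GNU_STACK = 0x6474E551   # program header describing stack permissions
PF_X = 0x1                  # "executable" bit in p_flags
ET_DYN = 3                  # position-independent executable or shared object

def audit_elf(data: bytes) -> dict:
    """Report which userspace hardening features an ELF image shows."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                     # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little-endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    if is64:
        phoff = struct.unpack_from(end + "Q", data, 32)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        flags_at = 4                        # p_flags offset inside Elf64_Phdr
    else:
        phoff = struct.unpack_from(end + "I", data, 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        flags_at = 24                       # p_flags offset inside Elf32_Phdr
    nx = False                              # no PT_GNU_STACK: assume executable stack
    for i in range(phnum):
        base = phoff + i * phentsize
        if struct.unpack_from(end + "I", data, base)[0] == PT_GNU_STACK:
            p_flags = struct.unpack_from(end + "I", data, base + flags_at)[0]
            nx = not (p_flags & PF_X)
    return {
        "nx": nx,
        "pie": e_type == ET_DYN,            # needed for ASLR of the image itself
        "canary": b"__stack_chk_fail" in data,                    # heuristic
        "fortify": re.search(rb"__\w+_chk\b", data) is not None,  # heuristic
    }

def make_sample(e_type: int, stack_flags: int, symbols: bytes) -> bytes:
    """Constructed minimal ELF64: header, one PT_GNU_STACK entry, symbol names."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, e_type, 0x3E, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + symbols

WEAK = make_sample(2, 0x7, b"\0strcpy\0")                              # ET_EXEC, RWX stack
HARDENED = make_sample(3, 0x6, b"\0__stack_chk_fail\0__memcpy_chk\0")  # PIE, RW stack

if __name__ == "__main__":
    for name, image in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_elf(image))
```

On a real image, pass the file's bytes to `audit_elf`; the canary and FORTIFY results depend on symbol names surviving in the binary, so a fully stripped static binary can report false negatives.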
