A security company called Armis is spilling the beans on a collection of eight different exploits that it is collectively calling BlueBorne. These exploits can allow a hacker access to your phone in seconds without having physical access to the device. Perhaps the scariest part of the exploit is that BlueBorne isn't limited to your phone alone; the hack can allow access to phones, computers, and IoT devices.
Armis notes that it believes more vulnerabilities lie waiting to be discovered in various platforms that use the Bluetooth wireless communications standard. The firm says that its research proves these vulnerabilities exist and that they can be exploited. BlueBorne can be used to execute a range of different hacks including remote code execution and man-in-the-middle attacks.
"BlueBorne affects pretty much every device we use. Turns that Bluetooth into a rotten black one. Don’t be surprised if you have to go see your security dentist on this one," said Ralph Echemendia, CEO of Seguru.
The video below shows the exploit being executed as the attacker identifies a device, connects to it via Bluetooth, and then controls the screen and apps. The upside is that the exploit isn't completely stealthy: it wakes up the device as the hack is executed, potentially tipping off the user that something is amiss with their device.
The researchers say that the hack starts by finding a device, then forcing the device to give up details about itself, and eventually forcing it to release keys and passwords. The attack vector is said to be very similar to Heartbleed, an exploit that forced web servers to display passwords and other keys remotely.
Eventually, the exploit will give the hacker full control of the device. When the hacker executes a man-in-the-middle attack, they are able to stream data from the device. The researchers write, "The vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through the malicious network interface. This attack does not require any user interaction, authentication or pairing, making it practically invisible."
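The routing change the researchers describe leaves a trace a defender can check for. The following is an added example, not code from Armis or the original article: it parses Linux `ip route show` output and flags routes bound to a Bluetooth PAN interface. The interface names (`bnepN`, `bt-pan`), function names and sample tables are assumptions made for illustration, and a legitimate Bluetooth tether produces the same result, so a finding is a prompt to verify rather than proof of attack.

```python
import re

# Assumed PAN interface names: bnepN (BlueZ on Linux), bt-pan (Android).
PAN_IFACE = re.compile(r"^(bnep\d+|bt-pan)$")

def parse_routes(text):
    """Parse `ip route show` output into dicts: dst, dev, via, metric."""
    routes = []
    for tok in (l.split() for l in text.splitlines() if l.strip()):
        route = {"dst": tok[0], "dev": None, "via": None, "metric": 0}
        for key, val in zip(tok[1:], tok[2:]):  # walk adjacent "key value" pairs
            if key in ("dev", "via"):
                route[key] = val
            elif key == "metric":
                route["metric"] = int(val)
        routes.append(route)
    return routes

def pan_findings(text):
    """Return (severity, dev, dst) for every route bound to a PAN interface."""
    routes = parse_routes(text)
    defaults = sorted((r for r in routes if r["dst"] == "default"), key=lambda r: r["metric"])
    findings = []
    for r in routes:
        if not (r["dev"] and PAN_IFACE.match(r["dev"])):
            continue
        if r["dst"] != "default":
            findings.append(("info", r["dev"], r["dst"]))
        elif defaults[0] is r:  # lowest metric wins: all traffic leaves via PAN
            findings.append(("high", r["dev"], r["dst"]))
        else:
            findings.append(("medium", r["dev"], r["dst"]))
    return findings

# Constructed sample routing tables (not captured from a real device).
CLEAN = """
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""
REROUTED = """
default via 10.77.0.1 dev bnep0 metric 50
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.77.0.0/24 dev bnep0 proto kernel scope link src 10.77.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

if __name__ == "__main__":
    for name, table in (("clean", CLEAN), ("rerouted", REROUTED)):
        print(name, pan_findings(table))
```

On a host where Bluetooth tethering is never used, any finding is worth investigating; where tethering is in use, compare the gateway against the expected paired device.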
As for a fix, Windows and iOS devices are protected from this hack already. Many Android users should receive a patch for the issue today. However, devices running older versions of Android or Linux are potentially susceptible to the exploit. This certainly isn't the first exploit that left a large number of devices potentially vulnerable. Broadpwn was an exploit that targeted devices using the Broadcom chipset, allowing it to potentially affect Android and iOS devices.