From the relatively obscure to the blatantly obvious, Bluetooth has had its vulnerabilities in the past. Bluesnarfing, BlueSmack, Blooover, the list continues without ceasing to have funny names. Attackers also have many surfaces to attack including the various Bluetooth profiles available, trusts, and even the pairing process. BlueBorne specifically, the topic discussion recently, focuses on being completely undetectable both by the user and even the Bluetooth pairing process.
The problem with Bluetooth security is that because it’s so ubiquitous and prevalent, it’s almost guaranteed to be scrutinized on an hourly basis. From smartphones to sneakers, Bluetooth penetrates almost all electronic devices. What’s more is that Bluetooth, for the general public, is very low in terms of the focus on security and privacy. Not many people think about the possibility of their Bluetooth being hacked because they’re supposedly never hooked up to an internet connection. ‘Nobody’s going to hack my Bluetooth!’ Either that, or they simply don’t think about it at all and don’t think to turn Bluetooth off when they’re not using it.
With the BlueBorne, bad actors could pair their device with yours completely invisibly even if it’s not discoverable. You nor the Bluetooth device your smartphone or speaker is paired with would be none the wiser. This isn’t platform specific either. Android, iPhone, Windows, Mac, Linux, it’s all vulnerable until patched. Even worse, this could be used for a potential man-in-the-middle attack where information you thought you were sharing securely is now being siphoned into a brand spankin’ new database ripe for the selling. It doesn’t stop there though.
If the hacker goes undetected once, what’s to say they won’t try it again with an even more malicious attack? There’s no password authentication required in this whole process so it’s not like this vulnerability couldn’t be used on a larger scale. With enough financial backing, one could sit themselves in the middle of a dance club and pick off each and every one of the devices in the room. But that’s child’s play. I’m thinking something more complex would go down.
Justin Bieber concert, 2017. Bad actor Malcolm Hastings positions himself in the middle of a 200,000+ size concert crowd of screaming adolescent girls. He’s not there to see the show. Him and his fellow team of bad actors are placed in a mesh pattern throughout the whole venue. Each of the phreakers is equipped with a smartphone that contains a gain-boosted Bluetooth module. This is no low-power deal that they’ve got there; this is serious business. The moment the star of the concert appears on stage, concert-goers’ phones go above everyone’s heads, the hackers’ included. On each of the cybercriminals’ smartphones is a specially crafted exploit that is meant to spread infectious malware through the BlueBorne vulnerability.
Only three or four phones are really necessary to have every phone in the venue infected by the end of the night. One smartphone Bluetooth module can practically connect to three or four devices at once. The first device connects to three others, and those three connect to three each, and so on. Before you know it, you have every phone in that venue phoning back to the command and control server somewhere in a foreign country, awaiting orders.
Hackers attending a Justin Bieber concert successfully created one of the fastest growing botnets in the world.
For more technical details on the BlueBorne vulnerability visit Armis’s site.