Security company Armis has identified eight exploits utilizing the Bluetooth Network Encapsulation Protocol (BNEP) service of mobile devices.
Collectively called BlueBorne, the vulnerabilities can allow an attacker access to your phone without touching it.
BlueBorne attack demonstration
How it works
First, the attacker identifies a device to attack. This includes forcing the device to give up information about itself and then, ultimately, to release keys and passwords in an attack resembling Heartbleed.
The next step is a set of code executions that allows for full control of the device:
This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering). Due to a flaw in the BNEP service, a hacker can trigger a surgical memory corruption, which is easy to exploit and enables him to run code on the device, effectively granting him complete control. (Source)
Finally, when the hacker has access, they are able to begin streaming data from the device in a Man-in-the-Middle attack:
The vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing, and force the device to transmit all communication through the malicious network interface. This attack does not require any user interaction, authentication or pairing, making it practically invisible. (Source)
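A defender can check for the end state described above, traffic routed through a Bluetooth PAN interface, by inspecting the routing table. The sketch below is an added example, not code from Armis or ServerCentral. It assumes a Linux host whose PAN interfaces are named `bnep*` (the BlueZ convention) and runs against a constructed sample in `/proc/net/route` format.

```python
"""Flag active routes that send traffic through a Bluetooth PAN (BNEP) interface."""
import socket
import struct

# Assumption: BlueZ on Linux names PAN interfaces bnep0, bnep1, ...
# Other platforms use different names; extend this tuple as needed.
PAN_PREFIXES = ("bnep",)
RTF_UP = 0x0001  # kernel flag: route is usable

# Constructed sample in /proc/net/route layout (address fields are little-endian hex).
SAMPLE = """\
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
wlan0 00000000 0101A8C0 0003 0 0 600 00000000 0 0 0
wlan0 0001A8C0 00000000 0001 0 0 600 00FFFFFF 0 0 0
bnep0 00000000 012CA8C0 0003 0 0 50 00000000 0 0 0
bnep0 002CA8C0 00000000 0001 0 0 50 00FFFFFF 0 0 0
"""

def _ip(hex_le):
    # "0101A8C0" -> bytes C0 A8 01 01 -> "192.168.1.1"
    return socket.inet_ntoa(struct.pack("<I", int(hex_le, 16)))

def parse_routes(text):
    """Parse /proc/net/route text into a list of dicts, skipping the header."""
    routes = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 8:
            continue  # malformed or truncated line
        routes.append({
            "iface": f[0], "dest": _ip(f[1]), "gateway": _ip(f[2]),
            "flags": int(f[3], 16), "metric": int(f[6]), "mask": _ip(f[7]),
        })
    return routes

def pan_findings(routes):
    """Return (severity, route) for every active route over a PAN interface."""
    active = [r for r in routes if r["flags"] & RTF_UP]
    defaults = [r for r in active
                if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"]
    best = min((r["metric"] for r in defaults), default=None)
    findings = []
    for r in active:
        if r["iface"].startswith(PAN_PREFIXES):
            if r not in defaults:
                sev = "info"  # on-link PAN subnet only
            else:  # lowest metric wins, so this route carries all traffic
                sev = "critical" if r["metric"] == best else "warning"
            findings.append((sev, r))
    return findings
```

On a live host, pass the contents of `/proc/net/route` to `parse_routes`. A `critical` finding is expected while you are deliberately tethering over Bluetooth and worth investigating when you are not.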
How do you stay safe?
Here’s what ServerCentral recommends:
- Turn off Bluetooth when you’re not using it.
- Always require a passcode (or a fingerprint, etc.) to use your phone.
- Keep all of your devices updated regularly and be wary of older IoT devices.
In most cases, the problems associated with BlueBorne vectors should already be patched, but less popular devices could still be vulnerable to attack. It’s always a good idea to regularly upgrade and patch all of your mobile devices.