Bluetooth Virus Warning - BlueBorne


Ian

Administrator
Joined
Feb 23, 2002
Messages
18,980
Reaction score
1,014
A new type of exploit has been discovered which can spread to many different devices via Bluetooth, without connecting or having any interaction from the user. This exploit could spread very quickly now that details have been made public, as it would only take a few seed devices for a virus to spread en-mass.

Ars Technica have a detailed article which includes some example videos of the exploit in action:
https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

Microsoft and Apple devices have already been patched, as long as you're using the latest versions (and up to date with security patches). However, Android and Linux devices are particularly vulnerably - especially if you're using a non-Google Android phone (i.e. Samsung S7/S8).

You could download the Blueborne scanner for your Android phone and it'll tell you if you're vulnerable - plus it will scan for other BT devices in range that are also susceptible:

https://play.google.com/store/apps/details?id=com.armis.blueborne_detector&hl=en_GB
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
18,980
Reaction score
1,014
I've disabled bluetooth on my phone and watch until Samsung pull their finger out and release a patch. This could get big very quickly, unless patches are released ASAP.
 
Ad

Advertisements

V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,156
Reaction score
1,549
Microsoft patched the vulnerabilities in July during the company's regularly scheduled Patch Tuesday.

Surprisingly, the majority of Linux devices on the market today don't use address space layout randomization or similar protections to lessen the damage of BlueBorne's underlying buffer overflow exploit, Armis Head of Research Ben Seri said. That makes the code-execution attack on that OS "highly reliable."

The attack is most potent against Android and Linux devices,
/bait.

I was just reading about this. I think its a lot more serious than people think. BT is used so much more than just for smart wear etc now, especially as cars use Apple CarPlay, Android Auto etc. Not to mention the loss of the headphone jack on a lot of new phones....

https://www.reddit.com/r/netsec/comments/6znbzp/the_iot_attack_vector_blueborne_exposes_almost/

https://www.armis.com/blueborne/

Armis reached out to the following actors to ensure a safe, secure, and coordinated response to the vulnerabilities identified.

  • Google – Contacted on April 19, 2017, after which details were shared. Released public security update and security bulletin on September 4th, 2017. Coordinated disclosure on September 12th, 2017.
  • Microsoft – Contacted on April 19, 2017 after which details were shared. Updates were made on July 11. Public disclosure on September 12, 2017 as part of coordinated disclosure.
  • Apple – Contacted on August 9, 2017. Apple had no vulnerability in its current versions.
  • Samsung – Contact on three separate occasions in April, May, and June. No response was received back from any outreach.
  • Linux – Contacted August 15 and 17, 2017. On September 5, 2017, we connected and provided the necessary information to the the Linux kernel security team and to the Linux distributions security contact list and conversations followed from there. Targeting updates for on or about September 12, 2017 for coordinated disclosure.
lolSamsung. This is why I won't buy another Samsung device again.
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
18,980
Reaction score
1,014
Yup, and I bet most cars (and plenty of other devices) aren't going to be patched either.

I hope Samsung release a statement soon, as their lack of action is pretty concerning.
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,438
Reaction score
1,003
never have had BT enabled, I have no reason.

:)
 
Joined
Jan 4, 2003
Messages
7,532
Reaction score
586
I use it when needed. If not needed it's turned off to save battery power.

Never leave it running in back ground nor WiFi
 
Ad

Advertisements

Captain Jack Sparrow

Anti-cryptominer
Joined
Jul 1, 2007
Messages
530
Reaction score
104
A new type of exploit has been discovered which can spread to many different devices via Bluetooth, without connecting or having any interaction from the user. This exploit could spread very quickly now that details have been made public, as it would only take a few seed devices for a virus to spread en-mass.

Ars Technica have a detailed article which includes some example videos of the exploit in action:
https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

Microsoft and Apple devices have already been patched, as long as you're using the latest versions (and up to date with security patches). However, Android and Linux devices are particularly vulnerably - especially if you're using a non-Google Android phone (i.e. Samsung S7/S8).

You could download the Blueborne scanner for your Android phone and it'll tell you if you're vulnerable - plus it will scan for other BT devices in range that are also susceptible:

https://play.google.com/store/apps/details?id=com.armis.blueborne_detector&hl=en_GB
This was already on my radar (Haha, get it?! :D)... But I haven't had the chance to properly investigate this until today, as I have been very busy during the past month.

My smartphone is a BlackBerry Z10 (that's 3 years old!) with the latest 'BlackBerry 10' software.
BlackBerry 10 is a QNX based operating system.
I sideloaded the quoted app via the Android runtime (Android 4.3 emulated). The app said that my device is vulnerable.
But here's the thing, it said my device is vulnerable, even with Bluetooth disabled.

So I'm wondering if this is a false positive, or perhaps only the Android runtime component of the OS is affected. For example, it might be possible to compromise the Android runtime component of BlackBerry 10's OS, but that would not gain much useful access to the main OS. The BlackBerry 10 main OS and the Android runtime are isolated from each other.

Unfortunately, I do not have another Android device to attempt remote scanning of my Z10 with, so for now, I'll just have to trust BlackBerry's official statement regarding BlueBourne (external link, BlackBerry)...
BlackBerry 10 smartphones
BlackBerry has investigated the impact to its products and determined that BlackBerry 10 smartphones are not affected.

BlackBerry OS smartphones
BlackBerry has investigated the impact to its products and determined that BlackBerry OS smartphones are not affected.
They have also stated that no action should be necessary...
BlackBerry QNX products
BlackBerry has investigated the impact to its products and determined that no BlackBerry QNX products are shipped with an affected Bluetooth stack.

Actions for customers
There is no action necessary for users of BlackBerry 10 or BlackBerry OS smartphones.
BlackBerry recommends that all users of BlackBerry powered by Android smartphones should update to the September Security Maintenance release as soon as it is available.
Do I trust BlackBerry? Of course not.
Once I am able to get hold of an Android device, I will run a remote scan of my Z10 to see if it's really vulnerable.
If it indeed is vulnerable, then this will be the first widely known vulnerability for BlackBerry 10 since 2014.
I think I can safely say that one vulnerability in 3 years is pretty damn good. Try comparing that to Apple! :lol:

- Capt. Jack Sparrow.
 
  • Like
Reactions: Ian

Ian

Administrator
Joined
Feb 23, 2002
Messages
18,980
Reaction score
1,014
If you've running the Blueborne scanner within an emulated Android environment, won't it be checking Android for the vulnerability, rather than the base OS? If may just take a look at the patch level and make the judgement that way. I'm not sure if that's how it works, it's just a guess :).

You could try installing it on another device and then use the active scan mode to see if it picks up your Blackberry?

I think I can safely say that one vulnerability in 3 years is pretty damn good. Try comparing that to Apple!
I dread to think how Android compares :lol:.
 

Captain Jack Sparrow

Anti-cryptominer
Joined
Jul 1, 2007
Messages
530
Reaction score
104
If you've running the Blueborne scanner within an emulated Android environment, won't it be checking Android for the vulnerability, rather than the base OS? If may just take a look at the patch level and make the judgement that way. I'm not sure if that's how it works, it's just a guess :).

You could try installing it on another device and then use the active scan mode to see if it picks up your Blackberry?



I dread to think how Android compares :lol:.
Yes, that's the issue, if its run on the device, it can only test the emulated Android 4.3 environment (which is ancient by today's standards). The Android environment is completely sandboxed from the core OS. It can only communicate with the core OS using extremely limited API calls.

I have since acquired an Android device to remotely scan devices. This device itself is vulnerable.

It probably doesn't come as any surprise, but BlackBerry 10 is not vulnerable. I also checked BlackBerry OS 7 and BlackBerry Tablet OS, these also are not vulnerable.

So it seems to be only affecting iOS and Android devices. Does anybody know if Windows Phone is vulnerable?

- Capt. Jack Sparrow.
 
  • Like
Reactions: Ian
Ad

Advertisements

Ian

Administrator
Joined
Feb 23, 2002
Messages
18,980
Reaction score
1,014
So it seems to be only affecting iOS and Android devices. Does anybody know if Windows Phone is vulnerable?
I think you're OK with a Windows Phone... but I've read that it has been patched and that it was never vulnerable in the first place, but I can't see an official confirmation or bug statement from MS anywhere. I can only find anecdotal things like this:

http://allaboutwindowsphone.com/flow/item/22462_Blueborne_Bluetooth_vulnerabil.php

Windows 10 was patched very quickly, so I would guess that the mobile version was patched quickly too - but I can't find anything to back this up.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top