October 26, 2017

Bluetooth is one of the most widespread communication protocols and a popular data-transfer channel used by mobile phones, computers, household appliances, electronics, children’s toys, medical devices, and cars. It provides a secure connection; however, sometimes flaws are discovered in it. A whole group of dangerous vulnerabilities surfaced recently. Cybercriminals can use them to gain full control over attacked devices, execute arbitrary code, and steal confidential information. The Security Auditor that comes with Dr.Web Security Space for Android checks whether mobile devices have been exposed to these vulnerabilities and notifies users about them in a timely manner.

The detected vulnerabilities and the attack vector they use have been called BlueBorne. Security researchers have detected a problem in the components of most modern-day operation systems, including Windows, iOS, and Linux and the platforms based on its kernel, e.g., Tizen and Android.

BlueBorne includes the following vulnerabilities:

• CVE-2017-0781, CVE-2017-0782 – Android vulnerabilities that allow applications to be launched with system privileges;
• CVE-2017-0785 – an Android vulnerability that can lead to the leak and theft of confidential information;
• CVE-2017-0783 – an Android vulnerability that facilitates Man-in-The-Middle attacks;
• CVE-2017-1000251 – a vulnerability in a Linux kernel component that facilitates the execution of arbitrary code;
• CVE-2017-1000250 – a vulnerability in a Linux kernel component that may lead to the theft of confidential information.

BlueBorne allows cybercriminals to execute malicious code remotely on Android devices possessing an enabled Bluetooth transmitter by sending specially formed data packages. An attack is performed with OS kernel privileges and doesn’t require that devices be pre-paired or visibility mode enabled. For a vulnerability to be successfully exploited, it is enough for a potential victim’s device to have its Bluetooth adapter enabled and for the attacker to be within range of the transmitter.

Because the processes that make Bluetooth work have elevated privileges in all operating systems, these vulnerabilities can be exploited to give criminals almost full control over an attacked object. BlueBorne vulnerabilities let cybercriminals control devices, spread malicious software among them, gain access to their data and the networks they are connected to, and perform Man-in-The-Middle attacks. These vulnerabilities pose a danger to all Android smartphones, tablets and other devices that have not had the security update dated September 9, 2017, applied to them and to devices that use Bluetooth in anything other than the Bluetooth Low Energy mode.

In addition to cybercriminals using BlueBorne to carry out attacks directly, malicious programs that exploit these vulnerabilities may appear. They will be able to independently spread across Bluetooth channels from one device to another, similar to network worms. The devices most at risk are those that have not obtained security updates from the firmware manufacturers and OS developers.

The Security Auditor that comes with Dr.Web Security Space detects the numerous vulnerabilities that can be present on Android smartphones and tablets. Among those vulnerabilities are the widely known Extra Field, MasterKey, Heartbleed, and a host of others. When the updated version of Auditor was released, the aforementioned BlueBorne vulnerability and SIM Toolkit (CVE-2015-3843) had already been added to it..

The SIM Toolkit error in Android lets cybercriminals intercept and fake commands sent by a SIM card to a mobile device and back. That’s why cybercriminals can execute phishing attacks using fraudulent windows and steal confidential information such as login credentials.

To detect BlueBorne on mobile devices, Dr.Web Security Auditor checks whether the Google update is present on devices and warns users of the potential threat if it doesn’t find it. When this and other vulnerabilities are detected, it is recommended that users install all available updates.

More information about BlueBorne vulnerabilities
More information about other Android vulnerabilities