Dr.Web will tell whether Android devices have been exposed to the BlueBorne vulnerability in the Bluetooth protocol
October 26, 2017
The detected vulnerabilities and the attack vector they use have been called BlueBorne. Security researchers have detected a problem in the components of most modern-day operation systems, including Windows, iOS, and Linux and the platforms based on its kernel, e.g., Tizen and Android.
BlueBorne includes the following vulnerabilities:
- CVE-2017-0781, CVE-2017-0782 – Android vulnerabilities that allow applications to be launched with system privileges;
- CVE-2017-0785 – an Android vulnerability that can lead to the leak and theft of confidential information;
- CVE-2017-0783 – an Android vulnerability that facilitates Man-in-The-Middle attacks;
- CVE-2017-1000251 – a vulnerability in a Linux kernel component that facilitates the execution of arbitrary code;
- CVE-2017-1000250 – a vulnerability in a Linux kernel component that may lead to the theft of confidential information.
BlueBorne allows cybercriminals to execute malicious code remotely on Android devices possessing an enabled Bluetooth transmitter by sending specially formed data packages. An attack is performed with OS kernel privileges and doesn’t require that devices be pre-paired or visibility mode enabled. For a vulnerability to be successfully exploited, it is enough for a potential victim’s device to have its Bluetooth adapter enabled and for the attacker to be within range of the transmitter.
Because the processes that make Bluetooth work have elevated privileges in all operating systems, these vulnerabilities can be exploited to give criminals almost full control over an attacked object. BlueBorne vulnerabilities let cybercriminals control devices, spread malicious software among them, gain access to their data and the networks they are connected to, and perform Man-in-The-Middle attacks. These vulnerabilities pose a danger to all Android smartphones, tablets and other devices that have not had the security update dated September 9, 2017, applied to them and to devices that use Bluetooth in anything other than the Bluetooth Low Energy mode.
In addition to cybercriminals using BlueBorne to carry out attacks directly, malicious programs that exploit these vulnerabilities may appear. They will be able to independently spread across Bluetooth channels from one device to another, similar to network worms. The devices most at risk are those that have not obtained security updates from the firmware manufacturers and OS developers.
The Security Auditor that comes with Dr.Web Security Space detects the numerous vulnerabilities that can be present on Android smartphones and tablets. Among those vulnerabilities are the widely known Extra Field, MasterKey, Heartbleed, and a host of others. When the updated version of Auditor was released, the aforementioned BlueBorne vulnerability and SIM Toolkit (CVE-2015-3843) had already been added to it..
The SIM Toolkit error in Android lets cybercriminals intercept and fake commands sent by a SIM card to a mobile device and back. That’s why cybercriminals can execute phishing attacks using fraudulent windows and steal confidential information such as login credentials.
To detect BlueBorne on mobile devices, Dr.Web Security Auditor checks whether the Google update is present on devices and warns users of the potential threat if it doesn’t find it. When this and other vulnerabilities are detected, it is recommended that users install all available updates.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.