Security Company Armis has discovered a collection of eight exploits called BlueBorne. It can permit an attacker access to your phone without touching it. The attack can allow access to computers and mobiles, even IoT devices. IoT operating systems including Android, iOS, windows, and Linux and the devices using them. BlueBorn allows the attackers to dominate devices, access corporate data and networks, penetrate secure “air gapped” networks, and spread malware laterally to adjacent devices. Armis reported this destructibility.
BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. Bluetooth The attack does not require the aimed device to be matched to the attacker’s device. Armis believes much more destructibility await discovery in the various platforms using Bluetooth. This destructiveness is fully operational and can be exploited successfully. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as man-in-the-middle attacks.
What is the threat?
The BlueBorne attack vector has several qualities which can destructive when combined. By spreading in the air, BlueBorne aims the weakest point in the network’s defense and the only one that no security measure protects. Spreading from device to device via air also makes BlueBorne infectious. Unfortunately, this set of capabilities is extremely desirable to a hacker. BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices or mobile devices.
The next step is a set of code executions that allows for control of the device. “This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering). Due to a flaw in the BNEP service, a hacker can trigger a surgical memory corruption, which is easy to exploit and enables him to run code on the device, effectively granting him complete control,” mentioned the researchers.
How to be secured?
You can keep all your devices updated regularly and be wary of older IoT devices. In most cases, the problems associated with BlueBorn vectors should be patched by major players in the electronics space but less popular devices could still be vulnerable to attack.