Latest Bluetooth hacking techniques expose new attack vectors for hackers

• BlueBorne is a vulnerability discovered in several Bluetooth implementations.
• Btlejacking relies on the jamming vulnerability tracked as CVE-2018-7252 and affects BLE devices with versions 4.0, 4.1, 4.2 and 5.

Bluetooth is a wireless communication protocol developed in 1998. It simplifies the transfer of files, photos, and documents for low peripheral devices such as cell phones, PDAs, and mobile computers over a small range of distance. Bluetooth technology has revolutionized wireless communications between devices with its simple and ubiquitous features. However, unfortunately, Bluetooth technology has increased the security concern among individuals. Hackers are constantly exploiting the security vulnerabilities in Bluetooth for various nefarious activities such as stealing personal data, installing malware and more. Here are the significant Bluetooth hacks and vulnerabilities that were discovered recently impacting mobile phones, systems, and even cars.

BlueBorne

BlueBorne is a vulnerability discovered in several Bluetooth implementations. It was explored in April 2017 by security researchers from Armis. The security flaw was discovered in mobile, desktop, and IoT operating systems including Android, iOS, Windows and Linux. It could allow a hacker to gain control over devices and conduct a man-in-the-middle attack to steal information.

Describing the operational range of the attack vector, the researchers explained, “The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited.”

BlueBorne manages to be such a dangerous threat because of the medium by which it operates. Unlike the majority of attacks that rely on the internet, a BlueBorne attack spreads through the air. This means a hacker could connect to smartphones and computers silently and take over the devices without the need for any user interaction.

Btlejacking

Btlejacking, a new form of Bluetooth attack vector was disclosed in August 2018 at the DefCon conference in Las Vegas by Damien Cauquil, head of research and development at Digital Security. This new technique could allow attackers to jam and takeover any Bluetooth Low Energy device. It relies on the jamming vulnerability tracked as CVE-2018-7252 and affects BLE devices with versions 4.0, 4.1, 4.2 and 5. In order to exploit the flaw, the attacker should be within 5 meters.

Hundreds of millions of Bluetooth devices are found to be potentially at risk due to the attack vector and could allow hackers to sniff into a BLE connection, jam a BLE device and take over the vulnerable Bluetooth devices. The attack can be carried out on Bluetooth enabled device using a Micro:BIT embedded computer costing only $15, and a few lines of open source code.

Bleedingbit

Security researchers from Armis security firm discovered two new flaws dubbed as ‘BleedingBit’ in the Bluetooth chips that could affect enterprises worldwide. The first flaw is tracked as CVE-2018-16986 and is a remote code execution flaw which resides in four chip models embedded in seven Cisco and five Meraki access points. By exploiting the flaw, attackers can remotely send multiple malicious BLE broadcast messages called as ‘advertising packets’ which are stored on the memory of the vulnerable chip. As long as the BLE is turned on, this malicious messages can be invoked to trigger an overflow of critical memory. This can also enable the hackers to corrupt the memory, gain access to an operating system, create a backdoor and remotely execute malicious code.

The second chip vulnerability is identified as CVE-2018-7080 and affects multiple Aruba access points including its entire 300 series. According to researchers, it can allow an attacker to access and install a completely new and different version of the firmware.

BleedingBit is cited as a wake-up call to enterprise security for two reasons.

"First, the fact that an attacker can enter the network without any indication or warning raises serious security concerns. Second, these vulnerabilities can destroy network segmentation -- the primary security strategy that most enterprises use to protect themselves from unknown or dangerous unmanaged and IoT devices. And here, the access point is the unmanaged device,” said Yevgeny Dibrov, Armis CEO in a blog post.

CarsBlues

Researchers at Privacy4Cars found a new mass security vulnerability dubbed as CarsBlues in the infotainment systems of several types of vehicles. The attack can be performed in a few minutes using inexpensive and readily available hardware and software and could let hackers to erase personally identifiable information (PII) of users who have synced their phones to their cars via Bluetooth. The hack is estimated to affect tens of millions of vehicles across the globe.

The researchers highlight that the hack can be riskier if a user has synced his phone with a vehicle that has been rented, shared through a subscription service, loaned, sold or returned at the end of a lease.

Conclusion

Nearly every device used today has Bluetooth capabilities and people store a great deal of personal information on their phones and tablets. If hackers can hack the Bluetooth connections, then it can give access to sensitive information stored on their devices. However, users can prevent such attacks by turning the Bluetooth feature ‘OFF’ when not in use or by setting the device’s visibility to ‘OFF’. This stops other devices from scanning your Bluetooth device.