The Armis Labs revealed the details of a new Bluetooth Vulnerability that can permit an attacker access to your phone without touching it. It is a collection of eight exploits collectively called as BlueBorne. An attacker can access your computer, phones, and IoT devices. There are four critical Vulnerabilities.
“BlueBorne” can spread via the air and attack devices through Bluetooth. Using BlueBorne attacker can control the devices and can access the corporate data and network. It also allows attackers to penetrate secure “air-gapped” networks and spread malware laterally to configure devices. The vector allows the attacker to detect the devices, connect to it through Bluetooth, and then start controlling the screen and apps.
After finding the device it will obtain the information about it and will also obtain keys and passwords by forcing the device. Then, the next step is code execution setup which will allow for full control of the device.
Researchers said that, through a Bluetooth connection, the vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service permits mobile data sharing. BNEP service’s flaw grants a hacker to trigger a surgical memory corruption. The hacker can run the code on the device as it is easy to utilize.
In the last step, an attacker can start streaming data from the device in a “man-in-the-middle” attack.
While today, Google users will receive the patch, Windows and iOS phones are secured. The devices with older versions of Android and Linux could be Vulnerable. So, update your all devices regularly.
“New solutions are needed to address the new airborne attack vector, especially those that make air gapping irrelevant,” Armis said.
As consumers and businesses are using new protocols, focus and research are necessary. Use of desktop, mobile, and IoT devices are increasing day by day so it is important to ensure that these types Vulnerabilities should not get spreader.