BlueBorne malware spreads using IoT Bluetooth vulnerability (Updated)
Updated on 3:00pm, September 14, 2017: We’ve just received a statement from Kaspersky Labs, in response to this story. The statement, by Vitaly Kamluk, Director, Global Research and Analysis Team in Asia Pacific (APAC), Kaspersky Labs, pretty much echoes what we’ve already reported, urging users to turn the Bluetooth connection on your device completely off, and NOT just leaving it invisible or undetectable. It continues to urge users of Bluetooth-enabled devices to stay vigilant:
Recent publication of vulnerabilities in Bluetooth stack covers several vulnerabilities for selected platforms, however, the number of undiscovered or unreported vulnerabilities may be much larger, which is why we would like to call for attention of all users of Bluetooth enabled devices.
Original article below:
Remember the mess that was WannaCry, the terrible ransomware that shook the world back in May? It looks like malwares are making a comeback, and in a big way this time, as researchers at Armis Labs have discovered a new one, which it dubs as BlueBorne. Here’s Michael Parker, Vice President of Marketing, Armis Labs, putting it simply:
"Imagine there's a WannaCry on Bluetooth, where attackers can deposit ransomware on the device, and tell it to find other devices on Bluetooth and spread it automatically."
Unlike traditional malware, BlueBorne doesn’t need a potential victim to make the mistake of opening a suspicious link or downloading a dodgy file. A victim doesn’t even need to be connected to the internet. Instead, it spreads over the air via Bluetooth, hence the name. The attacker doesn’t even need to pair their device to a victim’s to spread it; all that’s needed is for a device to have Bluetooth turned on, and BlueBorne will be sent from device to device, regardless of platform or OS. In other words, no matter if it’s a desktop system or mobile device, or even an IoT device, running Windows, Linux, Android or iOS – if it has Bluetooth turned on, it will be infected and become a vector itself, making BlueBorne extremely infectious.
The scary part of this is that because BlueBorne works in a way that keeps it out of the traditional killchain, it is completely invisible. It can also be used to carry all sorts of malware, from botnets to ransomware.
Despite the sophisticated-sounding method of infection, the exploit is a fairly straightforward one. It takes advantage of the way Bluetooth uses tethering to share data, much the same way IoT devices transmit data in order to work seemingly automatically whenever a trigger device gets within range. Imagine a keyless car needing a keycard to be in the vicinity before you can start the engine using the start/stop button.
While Microsoft, Google, and Apple are all releasing patches for this vulnerability, older devices that will not be getting any new updates will still be vulnerable. Lump them alongside other IoT devices that don’t usually get frequent firmware updates and we’re looking at a mountain of devices – a pile that may amount to 5.3 billion devices, considering the way Bluetooth is nearly as common as smart devices themselves.
Fortunately, if you have one such device, keeping yourself safe is as simple as turning Bluetooth off. That said, this would be a bummer for your IoT devices that operate via Bluetooth.