CATEGORIES
home News

BlueBorne Bluetooth Vulnerability Can Hack Your Phone In Seconds

by Shane McGlaunWednesday, September 13, 2017, 07:35 AM EDT

A security company called Armis is spilling the beans on a collection of eight different exploits that it is collectively calling BlueBorne. These exploits can allow a hacker access to your phone in seconds without having physical access to the device. Perhaps the scariest part of the exploit is that BlueBorne isn't limited to your phone alone; the hack can allow access to phones, computers, and IoT devices.

Armis notes that it believes more vulnerabilities lie waiting to be discovered in various platforms that use the Bluetooth wireless communications standard. The firm says that its research proves these vulnerabilities exist and that they can be exploited. BlueBorne can be used to execute a range of different hacks including remote code execution and man-in-the-middle attacks.

blueborne

"BlueBorne affects pretty much every device we use. Turns that Bluetooth into a rotten black one. Don’t be surprised if you have to go see your security dentist on this one," said Ralph Echemendia, CEO of Seguru.

The video below shows the exploit being executed as the attacker identifies a device, connects to it via Bluetooth, and then controls the screen and apps. The upside is that the exploit isn't completely stealthy, it does wake up the device as the hack is executed potentially tipping the user that something is amiss with their device.


The researchers say that the start of the hack is finding a device and then forcing the device to give up details about itself and eventually forcing the device to release keys and passwords. The attack vector is said to be very similar to heartbleed, an exploit that forced web servers to display passwords and other keys remotely.

Eventually the exploit will give the hacker full control of the device. When the hacker executes a man-in-the-middle attack they are able to stream data from the device. The researchers write, "The vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through the malicious network interface. This attack does not require any user interaction, authentication or pairing, making it practically invisible."

As for a fix, Windows and iOS devices are protected from this hack already. Many Android users should receive a patch for the issue today. However, devices running older versions of Android or Linux are potentially susceptible to the exploit. This certainly isn't the first exploit that left a large number of devices potentially vulnerable. Broadpwn was an exploit that exploited devices using the Broadcom chipset allowing it to potentially affect Android and iOS devices.

Tags:  security, Bluetooth, Hack, exploit
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment