Bluetooth White Paper Identified 8 Vulnerabilities (video)
If you ask two researchers what the problem with Bluetooth is, they have a simple answer.
“Bluetooth is complicated. Too complicated. Too many specific applications are defined in the stack layer, with endless replication of facilities and features.” Case in point: the WiFi specification (802.11) is only 450 pages long, they said, while the Bluetooth specification reaches 2822 pages.
Unfortunately, they added, the complexity has “kept researchers from auditing its implementations at the same level of scrutiny that other highly exposed protocols, and outwards-facing interfaces have been treated with.”
A lack of review can leave vulnerabilities waiting to be identified.
And that is a fitting segue to this week’s news about devices with Bluetooth capabilities.
At Armis Labs, Ben Seri and Gregory Vishnepolsky are the two researchers who discussed the vulnerabilities in modern Bluetooth stacks. Devices with Bluetooth capabilities were estimated at over 8.2 billion, according to the Armis site’s overview.
Seri and Vishnepolsky are the authors of a 42-page white paper detailing what is wrong and at stake in their findings. The discovery is being described as an “attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them.”
They are calling the vector BlueBorne, as it spreads via the air and attacks devices via Bluetooth. Attackers can hack into cellphones and computers simply because those devices have Bluetooth on. “Just by having Bluetooth on, we can get malicious code on your device,” Nadir Izrael, CTO and cofounder of security firm Armis, told Ars Technica.
Let’s ponder this, as it highlights a troubling aspect of the attack. Lorenzo Franceschi-Bicchierai at Motherboard reported:
“‘The user is not involved in the process, they don’t need to be in discoverable mode, they don’t have to have a Bluetooth connection active, just have Bluetooth on,’ Nadir Izrael, the co-founder and chief technology officer for Armis, told Motherboard.”
Their white paper identified eight vulnerabilities: (The authors thanked Alon Livne for the development of the Linux RCE exploit.)