Last month, I wrote about Broadpwn. Broadpwn is an exploit which can be used to take over many smartphones and tablets, iPhones and Android devices alike. It targets Broadcom Wifi chipsets, which are used in mobile devices from a variety of OEMs including Apple and Samsung.
The bright side is that it’s simply a vulnerability that was found by a security researcher, and updating to the latest versions of iOS and Android patches the vulnerability.
That’s not the case for this Bluetooth exploit, however. Armis Labs discovered eight zero day vulnerabilities. That’s right – BlueBorne is a collection of vulnerabilities, many with patches that are still being developed.
But like Broadpwn, BlueBorne can be used to attack devices while bypassing operating system security measures like data execution prevention and address space layout randomization. Attacks that target hardware exploits and bypass operating systems are fast becoming the future of cyberattacks.
What Particular Features of BlueBorne Are Most Alarming?
Devices that can be attacked through BlueBorne include not only mobile devices, but also PCs that have Bluetooth functionality, and many of the Internet of Things (IoT) devices which are becoming increasingly numerous and ubiquitous.
Like Broadpwn, BlueBorne bypasses operating systems, no matter what system you’re using. Armis Labs has found that BlueBorne can exploit devices running iOS, Android, Windows, and Linux operating systems.
Out of the estimated 8.2 billion Bluetooth devices worldwide, more than 5.3 billion of them are definitely vulnerable to a BlueBorne attack. But according to Armis Labs, all Bluetooth devices may be vulnerable, at least to some extent.
Bluetooth enables devices to connect effortlessly and, most alarming, is that someone with a device that gets a BlueBorne attack probably won’t know it. For a BlueBorne attack to work, all that’s required is for Bluetooth to be (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog