ARMIS, an IoT security company, has released information about the "BlueBorne" attack, which exploits vulnerabilities in Bluetooth (BT).
BlueBorne attacks can take full control of a device via BT, which has a significant impact on PCs, smartphones, and IoT devices. Specifically, they make possible remote code execution, data theft, data theft through man-in-the-middle attacks, ransomware infection, and the creation of huge botnets from mobile and IoT devices, like the WireX and Mirai botnets.
ARMIS has discovered eight zero-day vulnerabilities related to BlueBorne, pointing out that there is already an attack. In its view, the vulnerabilities discovered are not theoretical but can actually be attacked, and further vulnerabilities will be found on the various platforms that use BT.
(Video: BlueBorne Explained)
This attack, named from "airborne" and "Bluetooth", spreads through the air via BT and attacks devices.
One of the major features of BlueBorne is that, unlike many of the attacks that have been a problem so far, it does not depend on the Internet and needs no physical connection. Many known attacks rely on connections such as the Internet or USB, and countermeasures can avoid them.
The company states that even an "air-gapped" network, which is considered safe, can be invaded and have malware spread within it through BT devices.
If a Wi-Fi chip is vulnerable, it affects only a peripheral of the device, which is not enough to control the device, but in the case of BT the process has high privileges in the OS, so the device can effectively be controlled completely.
BlueBorne's threat lies in the fact that it requires no user action, such as clicking or downloading files, works against all software versions, and assumes only that Bluetooth is active. Because it requires no particular conditions or configuration, the range of target devices is extensive.
BT-equipped devices constantly listen for incoming connections from all devices, not only paired ones, so a BT connection can be established without pairing the device at all. For this reason, BlueBorne is potentially an attack that goes undetected.
A BlueBorne attack first detects the BT connections in the surrounding area. This is possible whenever BT is turned on, even if the device is not in "discoverable" mode for pairing.
Next, the attacker obtains the MAC address of the device, probes the device to identify its OS, and prepares the attack accordingly. Then a vulnerability in the BT protocol implementation on that platform is exploited to gain access. At this stage, control of the device's communications through a man-in-the-middle attack and cyber crime through complete control of the device become possible.
ARMIS pointed out that BT poses two major dangers because it is a difficult protocol to implement.
One is that vendors follow the protocol implementation guidelines, so if a vulnerability is found on one platform, other platforms may be affected as well. In fact, such "mirrored" vulnerabilities are said to occur in the man-in-the-middle attacks on Windows and Android (CVE-2017-8628 and CVE-2017-0783).
The second is that some BT specifications leave a lot of room for interpretation, so implementations are fragmented across the various platforms, and each is likely to include its own unique vulnerabilities, the company says.
Regarding the vulnerabilities it discovered, the company has already contacted Google, Microsoft, Apple, Samsung, and the Linux kernel security team so that they can take measures.
ARMIS says that BT is the most popular protocol for short-range communication, and that the BlueBorne attack may affect all of the more than 8.2 billion BT devices, including general PCs, smartphones, TVs, watches, cars, and medical equipment.
According to the latest surveys, there are 2 billion Android devices, 2 billion Windows terminals, and 1 billion Apple devices in the world, so by calculation they would be affected.
Specifically, on Android, all devices regardless of OS version, such as Google Pixel, Samsung Galaxy/Galaxy Tab, and LG Watch Sport (excluding those that use only BT Low Energy, such as wearable devices), are affected by four vulnerabilities: remote code execution (CVE-2017-0781/CVE-2017-0782), information leakage (CVE-2017-0785), and a man-in-the-middle attack (CVE-2017-0783).
Google already provides security updates for Android 6.0 (Marshmallow) and 7.0 (Nougat) and has notified partner companies. If the September 9 update has been applied to an Android device, the vulnerabilities mentioned above are addressed.
ARMIS offers the "Armis BlueBorne Scanner" app on Google Play, and says that installing it shows whether the device is at risk.
(Video: demo of an attack on Android)
On Windows, all Windows PCs with Windows Vista are affected by the "Bluetooth Pineapple" vulnerability, which allows a man-in-the-middle attack (CVE-2017-8628). Microsoft provided security patches for supported Windows versions on September 12.
(Video: demo of a man-in-the-middle attack on Windows)
On Linux, all Linux devices running BlueZ are affected by the information leakage vulnerability (CVE-2017-1000250), and devices running 3-RC1, dated October 2011, are affected by the remote code execution vulnerability (CVE-2017-1000251). Examples of target devices include the Samsung Gear S3 and Samsung smart TVs.
On iOS, all iPhone/iPad/iPod touch devices on version 9.3.5 and below, and Apple TV on version 7.2.2 and below, are affected by a remote code execution vulnerability. Since the vulnerability has already been addressed in iOS 10, there is no need to install a new patch, so ARMIS recommends updating to the latest version of the OS.
(Video: demo of an attack on a Linux-based smartwatch)
ARMIS recommends that, if the patch has not been applied to a device, BT be disabled and its use kept to a minimum until the patch is installed.
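ARMIS's interim advice above, as an added example that is not from the article or from ARMIS: a shell check for Linux hosts that lists the Bluetooth radios still enabled, reading text in the format printed by `rfkill list bluetooth`. The sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find Bluetooth radios that are still enabled on a Linux host.
# Input is text in the format printed by `rfkill list bluetooth`.

# Constructed sample (not captured from a real host):
# hci0 is enabled, hci1 is already soft-blocked.
SAMPLE_RFKILL='0: hci0: Bluetooth
    Soft blocked: no
    Hard blocked: no
3: hci1: Bluetooth
    Soft blocked: yes
    Hard blocked: no'

# Read rfkill output on stdin and print the name of every Bluetooth radio
# that is neither soft-blocked nor hard-blocked.
active_bt_radios() {
    awk '
        function emit() {
            if (name != "" && soft == "no" && hard == "no") print name
        }
        /^[0-9]+: / {
            emit(); name = ""; soft = ""; hard = ""
            # Only track entries whose type field is Bluetooth.
            if ($NF == "Bluetooth") { name = $2; sub(/:$/, "", name) }
        }
        /Soft blocked:/ { soft = $NF }
        /Hard blocked:/ { hard = $NF }
        END { emit() }
    '
}

# Mitigation from the article: keep BT disabled until the patch is installed.
# Needs root and the host's rfkill(8); defined here but not run automatically.
block_bt_until_patched() {
    rfkill block bluetooth
}

# Demonstration on the constructed sample; on a real host use:
#   rfkill list bluetooth | active_bt_radios
printf '%s\n' "$SAMPLE_RFKILL" | active_bt_radios
```

An empty result means no Bluetooth radio on the host is currently able to accept connections.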