In recent cybersecurity news Armis Labs discovered and disclosed a new attack vector which is a threat to mobile, desktop and Internet of Things (IoT) operating systems. Some of these operating systems include Google Android, Apple iOS, Microsoft Windows, Linux systems and any other mobile or appliance devices which use these popular operating systems. The new attack vector is now being called “BlueBorne.” Scarily, BlueBorne is a vulnerability which can be spread in the air by way of using the Bluetooth protocol, as its name suggests. There were also several discoverable BlueBorne zero-day exploits disclosed by Armis Labs. BlueBorne can allow threat actors to take control of mobile and appliance devices in order to access corporate data in various networks, to penetrate secure “air-gapped” networks, and finally to spread malware laterally to other adjacent mobile or appliance devices. In order to take full advantage of the BlueBorne Bluetooth protocol vulnerability, there are several stages to be completed by the threat actor. First, obviously, the threat actor must locate an active Bluetooth connection. Next, the threat actor must obtain the mobile or appliance device’s MAC address. A MAC address is a unique identifier for specific computer network connected devices. Once, the threat actor has this information, the threat actor can then scan the device by using any type of network scanning tool. Usually, this scanning tool can be found within the hacker’s tool kit named Kali Linux such as Nmap. Nmap is a popular application embedded in Kali Linux. Once scanned, the threat actor is able to determine the user’s operating system and can then adjust his Bluetooth protocol vulnerability (BlueBorne) payload exploit accordingly. Once the threat actor has deployed the appropriate executable payload, they are now able to gain the access needed in order to act on any type of malicious objective, such as creating a direct “Man-in-The-Middle” attack in order to control the device’s communication and take full control over the victim’s mobile or appliance device. Steve Reinkemeyer, COO at Redport Information Assurance, LLC suggests that users’ first research their vendor products download sites in order to quickly find and download the patch fix specifically for the BlueBorne vulnerability, as well as to avoid using their Bluetooth devices in public and in open air hotspot environments to totally avoid the risk of being exploited in the wild.

By Dr. Randall Sylvertooth

Reference:
https://www.armis.com/blueborne/#/general


For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA