BlueBorne's Bluetooth vulnerability affects billions of devices

Researchers at Armis discovered eight critical vulnerabilities in Bluetooth implementations. The following CVEs received vulnerabilities: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785 (Android); CVE-2017-1000251, VE-2017-1000250 (Linux); CVE-2017-8628 (Windows). Devices on iOS have not yet received a CVE identifier. All vulnerabilities are united under the common name: BlueBorne.



The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, of which more than 8.2 billion. Bluetooth is the leading and most common protocol for short-range communications and is used by all devices - from ordinary computers and mobile devices to IoT devices, such as TVs, watches, cars and medical devices.



The BlueBorne attack vector does not require user interaction, is compatible with all software versions and does not require any preconditions or active Bluetooth configuration. Bluetooth-enabled devices are constantly looking for incoming connections from any devices, and not just those with which they were associated. This makes BlueBorne one of the most dangerous attacks discovered in recent years, and allows an attacker to successfully attack the device.

')

Three of the eight BlueBorne vulnerabilities are rated as supercritical and allow attackers to gain complete control over the device.



A technical description of the attack is available here .

Video demonstration of Windows attacks:

Video demonstration of the Linux attack:

Android Demo Attack Video: