BlueBorne is a set of vulnerabilities in the Bluetooth stacks of many modern operating systems, including Google Android. They let an attacker gain elevated (on Linux, kernel-level) privileges and remotely execute malicious code on Android devices whose Bluetooth subsystem is switched on. The devices are attacked with specially crafted Bluetooth packets. The attack does not require prior pairing, the target being in discoverable (visible) mode, or any other action on the victim's side: it is enough that Bluetooth is enabled on the target device and that the attacker is within radio range, roughly 10 meters.
Malware could potentially use these vulnerabilities to spread on its own over the air from one device to the next, in the manner of a network worm. Devices that no longer receive security updates from their firmware vendor or OS developer are at the greatest risk. Google fixed the vulnerabilities in the Android security update released in September 2017.
The Linux-kernel part of BlueBorne, CVE-2017-1000251, is a stack buffer overflow in the function l2cap_parse_conf_rsp of the kernel's L2CAP module, which the Bluetooth protocol stack uses to negotiate connection parameters. All kernel versions starting from 3.3 are affected. On kernels built with CONFIG_CC_STACKPROTECTOR (stack-overflow protection) triggering the bug causes a kernel panic, i.e. a denial of service; without that protection the vulnerability allows execution of code sent to the device by the attacker. CVE-2017-1000250 in the SDP (Service Discovery Protocol) server of the BlueZ stack causes an information leak. On Android, CVE-2017-0781 and CVE-2017-0782 in the BNEP (Bluetooth Network Encapsulation Protocol) component of the Bluetooth stack allow remote code execution with the elevated privileges of the Bluetooth process, CVE-2017-0785 causes an information leak from the SDP server, and CVE-2017-0783 allows a Man-in-the-Middle attack on the device's network traffic.
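To make the shape of CVE-2017-1000251 concrete, here is an added example written for this page; it is a model, not the kernel's own code. It imitates what l2cap_parse_conf_rsp did: walk the type/length/value options of a configuration response and echo them back into a fixed 64-byte buffer. The kernel did check that the incoming options fit, but an RFC option is always echoed at its full 9-byte size regardless of its incoming length, so the output can outgrow the input and the 64-byte stack buffer. The fix added a remaining-size argument to the option writer; the checked variant below does the same. The defaults for MTU and RFC, the crafted input and the names parse_conf_rsp_checked, parse_conf_rsp_unchecked and build_crafted_conf_rsp are this example's own constructions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Option types from the L2CAP configuration request/response format. */
#define L2CAP_CONF_MTU     0x01
#define L2CAP_CONF_RFC     0x04
#define L2CAP_CONF_RFC_LEN 9    /* mode, txwin, max_transmit, 3 x u16 */
#define CONF_REQ_HDR_LEN   4    /* dcid (2) + flags (2) precede the options */
#define KERNEL_RSP_BUF     64   /* size of the fixed stack array the kernel used */

/* Read the TLV option at in[pos]. Returns bytes consumed, or 0 when the
 * option would run past the end of the input. */
static size_t get_conf_opt(const uint8_t *in, size_t in_len, size_t pos,
                           uint8_t *type, uint8_t *olen, const uint8_t **val)
{
    if (pos + 2 > in_len) return 0;
    *type = in[pos];
    *olen = in[pos + 1];
    if (pos + 2 + (size_t)*olen > in_len) return 0;
    *val = in + pos + 2;
    return 2 + (size_t)*olen;
}

/* Append one option. 'end' is the limit the fixed kernel passes down;
 * end == NULL reproduces the pre-fix writer, which had no limit at all. */
static int add_conf_opt(uint8_t **ptr, const uint8_t *end,
                        uint8_t type, uint8_t len, const void *val)
{
    if (end && (size_t)(end - *ptr) < 2 + (size_t)len) return -1; /* the missing check */
    (*ptr)[0] = type;
    (*ptr)[1] = len;
    memcpy(*ptr + 2, val, len);
    *ptr += 2 + len;
    return 0;
}

/* Build the configuration request sent back after an "unacceptable
 * parameters" response. Returns bytes written, or -1 if a bound is set
 * and the output would exceed it. */
static long build_conf_rsp(const uint8_t *in, size_t in_len,
                           uint8_t *out, const uint8_t *end)
{
    /* Constructed channel defaults. The RFC block is echoed whenever the
     * peer sends an RFC option of any length: 2 input bytes -> 11 output bytes. */
    uint8_t rfc[L2CAP_CONF_RFC_LEN] = { 0x03, 63, 3, 0, 0, 0, 0, 0, 0 };
    uint16_t mtu = 672;
    uint8_t *ptr = out + CONF_REQ_HDR_LEN;
    size_t pos = 0, n;
    uint8_t type, olen;
    const uint8_t *val;

    memset(out, 0, CONF_REQ_HDR_LEN);
    while ((n = get_conf_opt(in, in_len, pos, &type, &olen, &val)) != 0) {
        pos += n;
        switch (type) {
        case L2CAP_CONF_MTU:
            if (olen == sizeof mtu) memcpy(&mtu, val, sizeof mtu);
            if (add_conf_opt(&ptr, end, L2CAP_CONF_MTU, sizeof mtu, &mtu)) return -1;
            break;
        case L2CAP_CONF_RFC:
            if (olen == sizeof rfc) memcpy(rfc, val, sizeof rfc);
            if (add_conf_opt(&ptr, end, L2CAP_CONF_RFC, sizeof rfc, rfc)) return -1;
            break;
        default: /* other option types are ignored in this model */
            break;
        }
    }
    return (long)(ptr - out);
}

/* Pre-fix behaviour: no output bound. Only safe with a generously sized 'out'. */
long parse_conf_rsp_unchecked(const uint8_t *in, size_t in_len, uint8_t *out)
{
    return build_conf_rsp(in, in_len, out, NULL);
}

/* Post-fix behaviour: refuses to write past out_size bytes. */
long parse_conf_rsp_checked(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_size)
{
    if (out_size < CONF_REQ_HDR_LEN) return -1;
    return build_conf_rsp(in, in_len, out, out + out_size);
}

/* Constructed attacker input (not a captured packet): RFC options of length 0,
 * two bytes each. 60 bytes of them pass the kernel's input check (<= 64 - 4)
 * yet expand to 4 + 30 * 11 = 334 output bytes. */
size_t build_crafted_conf_rsp(uint8_t *buf, size_t buf_size)
{
    size_t n = 0;
    while (n + 2 <= buf_size) {
        buf[n++] = L2CAP_CONF_RFC;
        buf[n++] = 0;
    }
    return n;
}

int main(void)
{
    uint8_t in[KERNEL_RSP_BUF - CONF_REQ_HDR_LEN]; /* 60 bytes: passes the input check */
    uint8_t out[512];                              /* big enough to observe the expansion safely */
    size_t in_len = build_crafted_conf_rsp(in, sizeof in);
    long unchecked = parse_conf_rsp_unchecked(in, in_len, out);
    long checked = parse_conf_rsp_checked(in, in_len, out, KERNEL_RSP_BUF);

    printf("input %zu bytes -> unchecked output %ld bytes (kernel buffer: %d), checked: %ld\n",
           in_len, unchecked, KERNEL_RSP_BUF, checked);
    return 0;
}
```

The lesson generalises beyond this one function: bounding the input is not a bound on the output when the parser normalises or expands what it echoes, so the writer itself must know how much room is left.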
Because the Bluetooth process runs with elevated privileges on every operating system, exploiting a vulnerability in the Bluetooth protocol stack gives an attacker almost complete control of the device. Using the BlueBorne vulnerabilities, attackers can take control of devices, access the data stored on them and the networks they are connected to, spread malware to nearby devices and carry out Man-in-the-Middle attacks. All Android smartphones, tablets and other devices are affected, except those that support only Bluetooth Low Energy, unless the security update Google released in September 2017 is installed.
Dr.Web Security Auditor checks whether the device has this update and warns the user of the potential threat if it is not installed.