Zero-day Bluetooth vulnerabilities expose 5 billion devices to remote attacks

Over 5 billion Android, Windows, iOS and Linux devices that use Bluetooth to communicate are exposed to remote control, redirection to phishing websites and man-in-the-middle attacks after eight zero-day vulnerabilities were detected, including three that are critical.

The cyber threat, dubbed BlueBorne, doesn’t require user interaction and affects all Bluetooth-enabled devices including smartphones and smart devices such as wearables, smart TVs and automobile audio systems, among others, which can easily be infected with malware such as ransomware.

If the Bluetooth setting is turned on, compromised devices can in turn propagate malware and corrupt other Bluetooth-enabled devices over the air, with no pairing or discovery mode required. As a result, attacks could spread extremely quickly through a worm, possibly leading to an event similar in size to the WannaCry ransomware attack, researchers warn.

The vulnerabilities identified are:

• Android information leak vulnerability – CVE-2017-0785
• Android RCE vulnerability #1 – CVE-2017-0781
• Android RCE vulnerability #2 – CVE-2017-0782
• The Bluetooth Pineapple in Android – Logical Flaw CVE-2017-0783
• Linux kernel RCE vulnerability – CVE-2017-1000251
• Linux Bluetooth stack (BlueZ) information Leak vulnerability – CVE-2017-1000250
• The Bluetooth Pineapple in Windows – Logical Flaw CVE-2017-8628
• Apple Low Energy Audio Protocol RCE vulnerability (no designated CVE number yet)

Apple, Google, Microsoft and Linux were immediately informed about the vulnerabilities between April and August 2017. Google released a patch for Android 6 and 7, and Microsoft released a security update for all Windows devices except Windows phones, which were not affected. Linux announced its plan to release a security update and Apple had already fixed it with the release of version 10. Older versions and Apple TVs are still vulnerable.