BlueBorne Bluetooth Vulnerability Can Hack a SmartPhone In Seconds

Bluetooth technology is not a new thing but its starting to become very popular. Bluetooth is now seen in a lot of different areas from SmartPhones, Smart Watches, Cars, IoT devices, Smart TVS, Games Consoles, Security devices, in our homes, smart devices. Bluetooth is used in many industries and areas of technology such as medical facilities, factories, restaurants and our banks. Its clear to say this technology is not going away anytime soon.

Recently Armis Labs found a zero-day vulnerability endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux. Armis has also discovered eight additional zero-day exploits.

Armis Labs has classified four of these zero-day exploits as critical. BlueBorne attack has the ability to expose almost every connected device within range and effects over 5.3 billion devices over the air without pairing with the target device. This is because the BlueBorne vulnerability targets the Bluetooth Stack directly. BlueBorne can spread malware and other malicious code through effected devices and new target devices who become victim would then repeat this process. Unlike usual cyber attacker, you don’t need to download and execute any payloads to be at risk of BlueBorne vulnerability.

BlueBorne vulnerability allows attackers to view and record target devices Camera’s , record target device’s Microphones and gain unauthorized control over the target devices. Attackers could then use this exploit to make payments from target devices, make calls, send text messages, view, edit, copy and modify files on the target Bluetooth device and even spread ransom-ware through exploited devices. It only takes 10 seconds from an attacker to exploit a BlueBorne vulnerable Bluetooth device we advise anyone using Bluetooth to keep it disabled how many similar vulnerabilities may be lurking that we don’t yet know about ?. BlueBorne shows the dangers of Bluetooth implementations and security flaws in modern Bluetooth stacks.

An attacker would first scan to find some Bluetooth-enabled devices within range.

Next, they would obtain the MAC address (Media Access Control Address) this allows attackers to check what operating system the vulnerable Bluetooth device is running on.

The attacker can then exploit a vulnerability in the Bluetooth Stack on that platform and gain authorized control over the target Bluetooth device.

Common misconceptions with Bluetooth can often make users believe Bluetooth only has a sort range this is however is false. Bluetooth service classes are standardized the power of the transmitter governs the range over which a Bluetooth device can operate. Class 1 Bluetooth devices transmitting at 100mW, have a standard range of approximately 100 meters or 328 feet, range of Class 1 Bluetooth devices are comparable to the range of a 802.11b WLAN device. Class 1 devices are most commonly implemented in devices where power is not much of a concern such as laptop and desktop systems. This means that BlueBorne vulnerable devices can also be exploited from a greater distance and in turn yield more targets in the process. A typical Smart Phones & Bluetooth headsets are Class 2 Bluetooth devices .

Quote – Armis Labs

Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spread through the air (airborne) and attacks devices via Bluetooth. Armis has also disclosed eight related zero-day vulnerabilities, four of which are classified as critical. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices. Armis reported these vulnerabilities to the responsible actors, and is working with them as patches are being identified and released.”

What Is BlueBorne?

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.”

How to check if your devices are Vulnerable to BlueBorne exploit

Armis Security has released a vulnerability checker for Android it is designed to test whether or not a Bluetooth device is vulnerable to the newly discovered Blueborne exploit.


DOWNLOAD BlueBorne Vulnerability Scanner by Armis

Linux / Mac:

DOWNLOAD blueborne-scanner


CVE-2017-0785 PoC


BlueBorne Technical White Paper