Bluetooth makes transferring files, photographs and documents accessible in short distances to devices like mobile phones, PDAs and laptops. This protocol on wireless communication was developed in 1998. Bluetooth technology, with its ubiquitous and straightforward features, has revolutionized wireless communication between devices. Sadly, Bluetooth technology has increased person security problems. Bluetooth vulnerabilities continue to be used by hackers for various known activities such as theft of data, installation of malware, etc. This is a new major security breach that affects not only mobile phones but also cars and systems.
BlueBorne
BlueBorne is a security hole for some Bluetooth implementations. Security researchers reviewed it in Armis in April 2017. Web, mobile, and IoT operating systems, including Android, iOS, Windows, and Linux, have vulnerabilities. This can enable hackers to control the device and attack users in the centre to steal information.
“The target system doesn’t need to be connected to a disk device or configured in the invisible mode in case of an attack.” So far, Armis Labs has found eight-day zero vulnerabilities that indicate the presence and potential of an attack vector. Armis assumes that Bluetooth is likely to include more bugs on different devices, which is entirely functional and can be effectively exploited.
Thanks to the diverse form of media, BlueBorne has become a dangerous threat. In contrast to the majority of Internet attacks, BlueBorne attacks spread across the air. This means that hackers can still connect to smartphones and computers without user intervention and can control devices.
Bleedingbit
Security researchers from Armis’ security firm discovered two new Bluetooth chip “BleedingBit” bugs affecting companies worldwide. A remote execution code bug that included four chip models integrated into seven Cisco Access Points and fünf Meraki Access Points was the first bug followed by CVE-2018-16986. Remote attackers may send dangerous BLE transmission messages, known as “ad packets,” on vulnerable memory chips by exploiting vulnerabilities. Such malicious messages can be called to cause a critical memory overflow when BLE is enabled. This can also allow hackers to corrupt memory, access the operating system, create a backdoor and execute malicious code remotely.
The CVE-2018-7080 second chip vulnerability affected several Aruba access points, including the 300 series, that allows attackers to access and install entirely new firmware versions.
BleedingBit is cited for two reasons as a wake-up call to enterprise security.
“Firstly, serious security concerns arise as an attacker can enter the network without any indication or warning. Second, such vulnerabilities will disrupt the segmentation of the system — the primary protection technique used by most organizations to defend themselves against unknown or unsafe unmanaged IoT devices. And the unmanaged device is the access point, “Yevgeny Dibrov, CEO of Armis, said in a blog post.
Btlejacking
Btlejacking, this Bluetooth attack vector, was released by Damien Cauquil, Head of Research and Development at the DefCon conference in Las Vegas in August 2018. Hackers can interrupt and recover Bluetooth devices with low energy consumption using this new technology. It is based on a vulnerability identified as CVE-2018-7252, affecting BLE versions 4.0, 4.1, 4.2 and 5. To take advantage of the weak points, the attacker needs to be within 5 metres.
Hundreds of millions of Bluetooth devices are susceptible to vectors that allow hackers to discover BLE connections, block BLE devices, and manage vulnerable Bluetooth devices. Bluetooth-enabled devices can be attacked with a micro-integrated BIT computer that costs just $15 and a few open-source lines.
CarsBlues
Privacy4Cars researchers have identified a new major vulnerability, CarsBlues, in the information and entertainment systems of different types of vehicles. These attacks can be made in minutes with cheap, available hardware and software. This enables hackers to remove Personal Identification Information (PII) from users who have synchronized their mobile phone with their car via Bluetooth. It is estimated that tens of millions of vehicles around the world are the victims of hacker attacks.
