Abstract

The thought of a cyber attack spreading through the air like a plague was only a distant fear, until recently. This year, the airborne attack surface emerged, with significant vulnerabilities found in prominent wireless protocols - first Wi-Fi, and now Bluetooth, in the recently identified BlueBorne attack. In this talk we will present the ramifications of airborne attacks, which bypass all current security measures and provide hackers with a contagious attack, capable of jumping over "air-gapped" networks and allowing easy full remote code execution on devices from every major OS. We will demonstrate two out of eight zero-day exploits we've found in the Bluetooth stacks of Linux, Android, Windows, and iOS. We will show how easy it is to infect devices ranging from ordinary PCs to the emerging realm of IoT devices, requiring no user interaction and nothing more than active Bluetooth.

We will present our findings in Linux, and display a step-by-step exploitation process providing full control over any device running Linux, or any OS derived from it, which, unfortunately, includes the majority of IoT devices. We will also explain how to create a generic exploit that can be adapted to operate on different devices and architectures.

Our talk will emphasize that real threats in cyber security are hiding in plain sight. BlueBorne exposes vulnerabilities in Bluetooth implementations, a protocol which has been around since 1998. While researchers did tackle the protocol's flaws, the potential for vulnerabilities in widespread Bluetooth stacks, which affect devices directly, has been overlooked for the past decade. Bluetooth might seem peripheral, but it holds a large prize for attackers, since it runs on the core of a device with high privileges. This demonstrates the devastating effect of Bluetooth's combined traits: a less scrutinized protocol that, once exploited, can provide full control over targeted devices.

Papers

Slides