BlueBorne - A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device

Presented at Black Hat Europe 2017, Dec. 6, 2017, 11:45 a.m. (60 minutes)

The thought of a cyber attack spreading through the air like a plague was only a distant fear, until recently. This year, the airborne attack surface emerged, with significant vulnerabilities found in prominent wireless protocols - first Wi-Fi, and now Bluetooth, in the recently identified BlueBorne attack. In this talk we will present the ramifications of airborne attacks, which bypass all current security measures and provide hackers with a contagious attack, capable of jumping over "air-gapped" networks and allowing easy full remote code execution on devices from every major OS. We will demonstrate two out of eight zero-day exploits we've found in the Bluetooth stacks of Linux, Android, Windows, and iOS. We will show how easy it is to infect devices ranging from ordinary PCs to the emerging realm of IoT devices, requiring no user interaction, and nothing more than an active Bluetooth.

We will present our findings in Linux, and display a step-by-step exploitation process providing full control over any device running Linux, or any OS derived from it, which, unfortunately, includes the majority of IoT devices. We will also explain how to create a generic exploit that can be adapted to operate on different devices and architectures.

Our talk will emphasize that real threats in cyber security are hiding in plain sight. BlueBorne exposes vulnerabilities in Bluetooth implementations, a protocol which has been around since 1998. While researchers did tackle the protocol's flaws, the potential of vulnerabilities in widespread Bluetooth stacks which affect devices directly has been overlooked for the past decade. Bluetooth might seem peripheral, but it holds a large prize for attackers, since it runs on the core of a device with high privileges. This demonstrates the devastating effect of Bluetooth's combined traits: a less scrutinized protocol that, once exploited, can provide full control over targeted devices.


Presenters:

  • Gregory Vishnepolsky - Researcher, Armis
    Gregory Vishnepolsky is a researcher at Armis. He has over a decade of experience in cybersecurity research, specializing in reverse engineering and exploitation of obscure hardware and software. He is currently reversing IoT devices, looking under the hood of wireless protocols, and exploiting real-world implementations thereof. Prior to Armis, Greg was a researcher at Adallom (now a part of Microsoft), focusing on SaaS security. In the comfort of his home, Greg conducts dubious medical experiments, usually on himself.
  • Ben Seri - Head of Research, Armis
    Ben Seri is the Head of Research at Armis, responsible for vulnerability research and reverse engineering. His main interest is exploring the uncharted territories of a variety of wireless protocols to detect unknown anomalies. Prior to Armis, Ben spent almost a decade in the IDF Intelligence as a researcher and security engineer. In his free time Ben enjoys composing and playing as many instruments as the wireless protocols he's researching.
