The first thing most of us do when we hear of a major security breach is find a way to defeat it, but the “BlueBorne” collection of Bluetooth attack vectors defies this strategy, as for many of the affected devices there is no quick fix—or any fix at all. Revealed to the public by IoT security firm Armis Labs, BlueBorne can take control of any Bluetooth-enabled device regardless of what platform it’s installed on, without you knowing it and without Bluetooth in discoverable mode, and it can leap over air-gapped networks and spread malware to other devices. You don’t even have to authenticate the connection to the attacker’s device. Hackers can take control of Bluetooth-enabled devices in a matter of seconds.
For designers of Bluetooth-enabled components, subsystems, and systems, BlueBorne poses the question of how to harden Bluetooth in future products against such threats. Unfortunately, that’s a tall order because Bluetooth’s vulnerabilities are baked into its enormously complex, 3000-page specification (802.11 needs only 450 pages). This complexity is one of the greatest impediments to resolving Bluetooth’s vulnerabilities, and the specification is far too lengthy to be covered here.
Suffice it to say that it would basically require changing the fundamentals of how Bluetooth works, which only the Bluetooth Special Interest Group (SIG) and its members can do, and would require significant time and money. As Bluetooth has evolved, some of its vulnerabilities have been corrected while new ones have emerged, making it difficult at best to make Bluetooth devices secure, which is why most military agencies require it to be turned off in most places. Bluetooth 5 is also probably just as vulnerable as its predecessors.
While this isn’t the first (or likely the last) Bluetooth exploitation, its multi-faceted abilities surely make it one of the worst. All wireless technologies can and have been exploited, and the ubiquity of Bluetooth makes it an appealing point of device entry for hackers. Preventing this, and similar exploitations or attack strategies like eavesdropping, bluesnarfing, bluebugging, and denial of service, is extremely difficult. It isn’t helped by Bluetooth sniffing products like the open-source Ubertooth One or Blue Hydra that monitor Bluetooth traffic in real time. While presumably designed for legitimate professional use, they’re great tools for hackers, too.
Faced with this reality, there are few choices—none of them good or even reasonable—and all place the responsibility on the user rather than the designer or even the device manufacturer. So far, the security community has basically offered only one solution: “Turn it off.” Of course, many of the more than 8 billion Bluetooth-enabled devices don’t provide that option, and even if they did, how many people would simply abandon Bluetooth?
Although Apple’s iOS 10 operating system is immune, earlier versions are not. Microsoft also immediately released a security update for Windows, and Google created one but as of this writing hasn’t widely released it. Even when it does, Google devices like the Nexus and Pixel products using Android 7.0 and some earlier versions will be the first to get it, and everyone else will have to wait until their wireless carrier delivers it.
Accepting that Bluetooth is inherently insecure and too complex to fix is obviously not an acceptable posture. As Bluetooth 5, beacons, and mesh technology have been made viable for more applications, especially IoT, confronting these security issues is more crucial than ever to ensure the survival of this technology. Strangely, the Bluetooth SIG has thus far been silent about BlueBorne, but what could it say in the technology’s defense?
And of course, BlueBorne is just one of many security issues making the news headlines. Hardening security in embedded systems is a tall order, yes, but paramount. Mouser Electronics, along with security expert Andrew Plato of Anitian Corporation, is hosting the Data Security: Think Like a Hacker webinar on September 27, 2017. The 60-minute session describes the daisy-chaining process of hacking, addresses 10 areas hackers focus on, provides takeaways to implement, and concludes with a Q&A. A security expert from Anitian will also answer attendee questions during the live webinar.
Barry Manz is president of Manz Communications, Inc., a technical media relations agency he founded in 1987. He has since worked with more than 100 companies in the RF and microwave, defense, test and measurement, semiconductor, embedded systems, lightwave, and other markets. Barry writes articles for print and online trade publications, as well as white papers, application notes, symposium papers, technical references guides, and Web content. He is also a contributing editor for the Journal of Electronic Defense, editor of Military Microwave Digest, co-founder of MilCOTS Digest magazine, and was editor in chief of Microwaves & RF magazine.