Bluetooth Hacks: While out of our conventional lives, especially in the current office environment, the use of Bluetooth technology as well as other RF (radio frequency) enabled devices is commonplace, few consumers actually comprehend how technology works. In addition, the security risks synonymous with Bluetooth devices are even less understandable.
We appreciate the conveniences that tethering devices to wireless printers, speakers and headphones provide, consequently is the concern about security in the office being overhyped?
Bluetooth Hacks: The Not-So-Bygone BlueBorne Threat
The security industry works quickly to squash vulnerabilities as quickly as they are discovered, but that doesn’t mean after the vulnerabilities are discovered ALL devices are immunized to the threat. The BlueBorne vulnerability registered on our collective radar late in 2017, but many devices never received the patches and updates necessary to remove the nine possible threat vectors.
Research suggests that two billion devices are still vulnerable to BlueBorne through the neglect of updates or never having received patches in the first place.
BlueBorne worked differently than other threats to Bluetooth-enabled devices like bluebugging or bluejacking. This attack targeted numerous parts of the Bluetooth stack. BlueBorne would attempt to pose as a device that wished to connect but the exploit would be executed before the connection attempt would require a user to perform an action.
Part of the reason BlueBorne was so effective was that the attack didn’t rely on the internet connectivity of the device, which remain a little-explored area of the cybersecurity research community at the time. The attacker would manipulate the timestamp and size of the discovery query and send a second discovery query as a separate service to the primary target. This effectively activated the failsafe connection of the device and allowed unfettered access.
BlueBorne affected pre-iOS 10 devices on Android, Window and Linux platforms. While valuable lessons have been learned from the BlueBorne event, many devices will remain vulnerable to emerging attack vectors.
Bluetooth Hacks: Negotiation Vulnerability
In August of 2019, another notable security vulnerability was detected in Bluetooth technology. Bluetooth BR/EDR systems are vulnerable to Key Negotiation of Bluetooth (KNOB) attacks using standard versions 1.0 to 5.1.
This bug effectively allowed an attacker to brute force the encryption key used by devices during pairing. The information revealed by the Center for IT-Security, Privacy and Accountability (CISPA) reported that in some cases, attackers are able to reduce the encryption key to a single octet.
In theory, if the keys of two devices have been exposed by an attack, bad actors can manipulate the data being exchanged between the devices. This would expose users to a third-party having the ability to inject commands and monitor the keystroke of the compromised device. ICASI did mention they had not nevertheless seen this attack vector be deployed maliciously.
The official statement from Bluetooth: “For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were establishing a BR/EDR connection. If there was no vulnerability with one of the devices, then perhaps the attack wouldn’t have been likely to succeed.”
“The attacking device would need to intercept, manipulate, and retransmit key length negotiation messages between the two devices while also blocking transmissions from both, all within a narrow time window.”
Bluetooth Hacks: Why We Should Care
According to shipping data, there are around 8.2 billion Bluetooth-enabled devices in use throughout the world. Knowing that a good chunk of these devices are not operating with the current version of the firmware, or will not be updated when a increased vulnerability is discovered is a very enticing opportunity for criminals.
Bad actors understand that a LOT of valuable data can be obtained through Bluetooth devices, and the barrier to entry may be lower than traditional hacking methods because of the comparatively weak security protocols.
This presents a critical issue for IT managers and security professionals advising clients in certain industries. The aftermath of a data breach for any small business can be devastating, but tightly regulated industries like finance and healthcare risk higher regulatory penalties and exponentially severer damage to their reputation in the wake of a breach.
Needless to say, we can’t expect the modern office environment in these industries to revert back to dot-matrix printers and telephones with 30-foot chords.
For the security community, staying ahead of the curve in securing Bluetooth-enabled devices require more investment in researching the threat landscape.
From a business perspective, investing in partnerships with vendors and advisors who perceive threats holistically, including those from wearable, wireless devices are a meaningful step towards a stronger cybersecurity strategy.