Advertisement

New Bluetooth vulnerability can hack a phone in 10 seconds

New Bluetooth vulnerability can hack a phone in 10 seconds
From TechCrunch - September 12, 2017

Security company Armis has found a collection of eight exploits, collectively called BlueBorne, that can allow an attacker access to your phone without touching it. The attack can allow access to computers and phones, as well as IoT devices.

Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.

BlueBorne affects pretty much every device we use. Turns that Bluetooth into a rotten black one. Dont be surprised if you have to go see your security dentist on this one, said Ralph Echemendia, CEO of Seguru.

As you can see from this video, the vector allows the hacker to identify a device, connect to it via Bluetooth, and then begin controlling the screen and apps. Its not completely secretive, however, because in activating the exploits you wake up the device.

The complex vector begins by finding a device to hack. This includes forcing the device to give up information about itself and then, ultimately, release keys and passwords in an attack that very much resembles heartbleed, the exploit that forced many web servers to display passwords and other keys remotely.

Advertisement

Continue reading at TechCrunch »