Welcome back, hackers! About six days ago Armis Labs published demo videos of an attack they named “BlueBorne”. Using these vulnerabilities, an attacker within radio range can take over unpatched devices that have Bluetooth enabled. Armis Labs also built an Android app that checks whether your own phone, and the devices around it, are vulnerable to BlueBorne.

This new attack vector endangers the major mobile, desktop and IoT operating systems, including Android, iOS, Windows and Linux, and every device that runs them. A BlueBorne attack spreads over Bluetooth and needs no authentication: the target never has to pair with, or accept a PIN from, the attacker's device. Armis Labs identified eight vulnerabilities that together make up BlueBorne:

  1. CVE-2017-1000251 – Linux kernel (BlueZ L2CAP) RCE vulnerability
  2. CVE-2017-1000250 – Linux Bluetooth stack (BlueZ SDP server) information leak
  3. CVE-2017-0785 – Android information leak vulnerability
  4. CVE-2017-0781 – Android RCE vulnerability #1
  5. CVE-2017-0782 – Android RCE vulnerability #2
  6. CVE-2017-0783 – The Bluetooth Pineapple in Android – logical flaw (MiTM)
  7. CVE-2017-8628 – The Bluetooth Pineapple in Windows – logical flaw (MiTM)
  8. CVE-2017-14315 – Apple Low Energy Audio Protocol (LEAP) RCE vulnerability

You may want to watch the Armis Labs videos here:

Armis Labs explains the BlueBorne attack

[youtube https://www.youtube.com/watch?v=LLNtZKpL0P8&w=560&h=315]

Android takeover demo video

[youtube https://www.youtube.com/watch?v=Az-l90RCns8&w=560&h=315]

Linux smartwatch takeover demo video

[youtube https://www.youtube.com/watch?v=U7mWeKhd_-A&w=560&h=315]

Windows MiTM – Bluetooth Pineapple demo video

[youtube https://www.youtube.com/watch?v=QrHbZPO9Rnc&w=560&h=315]

BlueBorne looks so scary because Bluetooth is not only in Android, iOS, Windows and Linux devices; it is also the most common radio in IoT devices. Android is the most affected platform simply because of its enormous install base. But don't panic: turning these bugs into a reliable exploit is complex. Armis has not released exploit code, only the white paper, so anyone who wants to build a working exploit from it has a lot of work ahead of them. Sounds like a challenge? Then build it yourself and see if you can match Armis Labs.

For now, what we can do is scan whether our devices are at risk. The real fix is installing your vendor's patches (Google shipped the Android fixes in the September 2017 security bulletin) and keeping Bluetooth switched off when you are not using it; scanning tells you which devices still need that. In this tutorial I will show you how to scan Android devices for the BlueBorne vulnerability from Kali Linux. We need an additional tool, “Blueborne Android Scanner”, developed by hook-s3c; you can find his work on GitHub here: https://github.com/hook-s3c/blueborne-scanner.

Step 1: Install BlueBorne Android Scanner & Dependencies

Open a terminal and clone the scanner repository from GitHub (the URL above).

Step 2: Allow Permissions

Inside the cloned blueborne-scanner directory, give the scripts execute permission.

Step 3: Turn On the Bluetooth Service on Kali Linux

By default the Bluetooth service is off. Start it from the terminal, and make sure your adapter is up before you scan.

Step 4: Scan the Air

After all the preparation is done and Bluetooth is turned on, run bluebornescan.py to start scanning. You need to run it with Python 2; I tested it on the newest Python 3.x and it did not work.

As you can see in the screenshot above, the tool found a vulnerable device, and the Bluetooth name of that device is “Endasmu”.
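To tie the four steps together, here is a wrapper script I added for this post; it is not part of the original tutorial or of hook-s3c's project. It assumes Kali Linux with the `service` command, an adapter that `hciconfig` sees as `hci0`, a Python 2 interpreter on the PATH, and a checkout directory of `~/blueborne-scanner` (override with `SCANNER_DIR`); the `chmod +x *.py` pattern and the `bluebornescan.py` file name follow the tutorial's steps. It refuses to run as a non-root user (raw Bluetooth sockets need `CAP_NET_RAW`/`CAP_NET_ADMIN`) and refuses to fall back to Python 3, which is exactly the failure mode noted in Step 4.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial or the hook-s3c project):
# runs the tutorial's four steps with the checks the tutorial leaves implicit.
# Assumptions: Kali Linux, `service` available, adapter visible as hci0,
# some Python 2 interpreter on the PATH, checkout in $SCANNER_DIR.
set -eu

SCANNER_REPO="https://github.com/hook-s3c/blueborne-scanner"
SCANNER_DIR="${SCANNER_DIR:-$HOME/blueborne-scanner}"   # assumed checkout path

# Extract the major version from a "python --version" banner:
# "Python 2.7.18" -> 2, "Python 3.11.4" -> 3.
python_major() {
  banner="$1"
  banner="${banner#Python }"      # drop the leading word
  printf '%s\n' "${banner%%.*}"   # keep what precedes the first dot
}

# Find an interpreter whose major version is 2; the scanner breaks on Python 3.
# Prints the interpreter name, returns 1 when none is available.
find_python2() {
  for candidate in python2 python2.7 python; do
    command -v "$candidate" >/dev/null 2>&1 || continue
    # Python 2 prints its banner on stderr, Python 3 on stdout: merge them.
    banner="$("$candidate" --version 2>&1)" || continue
    if [ "$(python_major "$banner")" = "2" ]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

# Step 1: clone the scanner (skipped if the directory already exists).
fetch_scanner() {
  if [ ! -d "$SCANNER_DIR" ]; then
    git clone "$SCANNER_REPO" "$SCANNER_DIR"
  fi
}

# Step 2: make the scanner's scripts executable.
set_permissions() {
  chmod +x "$SCANNER_DIR"/*.py
}

# Step 3: start the Bluetooth service and bring the adapter up (hci0 assumed).
start_bluetooth() {
  if ! hciconfig hci0 >/dev/null 2>&1; then
    echo "no Bluetooth adapter hci0 found; plug one in or check rfkill" >&2
    return 1
  fi
  service bluetooth start
  hciconfig hci0 up
}

# Step 4: scan the air, insisting on Python 2.
run_scan() {
  if ! py="$(find_python2)"; then
    echo "no Python 2 interpreter found; the scanner does not run on Python 3" >&2
    return 1
  fi
  cd "$SCANNER_DIR"
  "$py" bluebornescan.py
}

main() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "run as root: raw Bluetooth sockets need CAP_NET_RAW/CAP_NET_ADMIN" >&2
    return 1
  fi
  fetch_scanner
  set_permissions
  start_bluetooth
  run_scan
}

# Only perform the full procedure when asked explicitly:
#   sudo ./blueborne_check.sh scan
if [ "${1:-}" = "scan" ]; then
  main
fi
```

Run it as `sudo ./blueborne_check.sh scan`. Any failure (no adapter, no Python 2, not root) stops the script before it gets to the scan, so a silent "found nothing" result cannot be mistaken for "nothing vulnerable nearby".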