Welcome back, hackers! About 6 days ago, Armis Labs published exploit demo videos for an attack they named "BlueBorne". With this exploit, attackers can take over any device with Bluetooth support. Armis Labs also built an Android app that scans whether your Android device, and the devices around you, are at risk from the BlueBorne vulnerability.
This new attack vector endangers the major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices that run them. A BlueBorne attack spreads via Bluetooth and does not require any authentication from the targeted user, such as PIN pairing, to connect to the attacker's device. Armis Labs identified 8 vulnerabilities that make up the BlueBorne exploit. Those vulnerabilities are:
- CVE-2017-1000251 – Linux kernel RCE vulnerability
- CVE-2017-1000250 – Linux Bluetooth stack information leak vulnerability
- CVE-2017-0785 – Android information leak vulnerability
- CVE-2017-0781 – Android RCE vulnerability #1
- CVE-2017-0782 – Android RCE vulnerability #2
- CVE-2017-0783 – The Bluetooth Pineapple in Android – Logical Flaw
- CVE-2017-8628 – The Bluetooth Pineapple in Windows – Logical Flaw
- CVE-2017-14315 – Apple Low Energy Audio Protocol RCE vulnerability
You may want to see the Armis Labs videos here:
- Armis Labs explains the BlueBorne exploit
- Android take-over demo video
- Linux smartwatch take-over video
- Windows MiTM – Bluetooth Pineapple demo video
The BlueBorne exploit looks so scary because Bluetooth is not only on Android, iOS, Windows and Linux; it is also used on the majority of IoT devices. The most affected vendor is Google, because 'Google' always means 'Android'. But don't worry: this kind of exploit is very complex and complicated. Armis has not released the BlueBorne exploit itself, only the BlueBorne white paper, so whoever wants to build this exploit will run out of time doing it by themselves. Sounds like a challenge? Then build it yourself and take on Armis Labs.
For now, what we can do is just scan whether our devices are at risk or not. In this tutorial I will show you how to scan Android devices for the BlueBorne vulnerability from Kali Linux. We will need an additional tool called "Blueborne Android Scanner", developed by hook-s3c; you can see his work on GitHub here: https://github.com/hook-s3c/blueborne-scanner.
Step 1: Install BlueBorne Android Scanner & Dependencies
Open a terminal and grab the script from GitHub by running:
git clone https://github.com/hook-s3c/blueborne-scanner.git
cd blueborne-scanner
pip install -r ./requirements.txt
Step 2: Allow Permissions
In the blueborne-scanner directory, give the program permission to execute:
sudo chmod +x ./bluebornescan.py
Step 3: Turn On Bluetooth Service On Kali Linux
By default the Bluetooth service is off. You can easily turn it on by typing:
service bluetooth start
Step 4: Scan The AIR
After all the preparation is done and Bluetooth is turned on, run bluebornescan.py to start scanning. You need to run it with Python 2; I have tested it on the newest Python 3.x and it didn't work.
As you can see in the image above, the tool found a vulnerable device, and the Bluetooth name of that device is "Endasmu".
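To make sense of a scan result, it helps to cross-check what you see in the air against the patch level of the Android devices you actually own. The following Python 3 script is an added example, not part of this post or of hook-s3c's scanner: it parses `hcitool scan` output and flags any device whose security patch level predates the September 2017 Android bulletin that shipped the four Android BlueBorne fixes; the sample scan output, the MAC addresses, the inventory, and the exact 2017-09-01 threshold are my assumptions.

```python
import re
from datetime import date
from typing import Dict, List, Tuple

# Assumed threshold: the September 2017 Android Security Bulletin (patch level
# 2017-09-01) carried the fixes for CVE-2017-0781, -0782, -0783 and -0785.
BLUEBORNE_ANDROID_PATCH_LEVEL = date(2017, 9, 1)

# One discovered device per line, "<BD_ADDR><whitespace><name>", as printed by `hcitool scan`.
HCITOOL_DEVICE = re.compile(r"^\s*([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+(\S.*?)\s*$")

# Constructed sample of `hcitool scan` output; the addresses are placeholders.
SAMPLE_HCITOOL_OUTPUT = """Scanning ...
\tAA:BB:CC:DD:EE:01\tEndasmu
\tAA:BB:CC:DD:EE:02\tKali-Laptop
"""

def parse_hcitool_scan(output: str) -> List[Tuple[str, str]]:
    """Return (address, name) pairs for every device line in `hcitool scan` output."""
    devices = []
    for line in output.splitlines():
        match = HCITOOL_DEVICE.match(line)
        if match:
            devices.append((match.group(1).upper(), match.group(2)))
    return devices

def needs_blueborne_patch(security_patch: str) -> bool:
    """True if an Android patch level (ro.build.version.security_patch, YYYY-MM-DD)
    predates the bulletin that fixed BlueBorne."""
    year, month, day = (int(part) for part in security_patch.split("-"))
    return date(year, month, day) < BLUEBORNE_ANDROID_PATCH_LEVEL

def triage(output: str, patch_levels: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Join scan results with known patch levels; devices not in the inventory stay 'unverified'."""
    report = []
    for addr, name in parse_hcitool_scan(output):
        level = patch_levels.get(addr)
        if level is None:
            status = "unverified"
        elif needs_blueborne_patch(level):
            status = "needs patch"
        else:
            status = "patched"
        report.append((addr, name, status))
    return report

if __name__ == "__main__":
    # Constructed inventory: values as reported by
    # `adb shell getprop ro.build.version.security_patch` on each device.
    known = {"AA:BB:CC:DD:EE:01": "2017-08-05"}
    for row in triage(SAMPLE_HCITOOL_OUTPUT, known):
        print("%s  %-12s %s" % row)
```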