Called “Bluetooth’s Stagefright moment,” the BlueBorne attack vector identified by Armis in September exposed more than five billion connected devices. BlueBorne is an attack vector that allows attackers to leverage a Bluetooth connection to penetrate and take complete control over targeted devices.
BlueBorne consists of a set of 8 vulnerabilities affecting all major operating systems (Android, Linux, Windows and iOS) impacting PCs, mobile phones, and many types of IoT devices. The vulnerabilities discovered in BlueBorne can be used to conduct a large range of offenses, including information leaks, Man-in-The-Middle attacks, and remote code execution. The attack does not require the user on the targeted device to take any action. In fact, the target device does not need to be paired to the attacker’s device or even to be set on discoverable mode.
In this talk, researchers Ben Seri and Gregory Vishnepolsky will discuss the background of their research. It will focus on the technical aspects of exploitation of BlueBorne on Android devices, as well as a background on the protocol layers in the Bluetooth stack in which the vulnerabilities lie.