Cyber & IT Supervisory Forum - Additional Resources
TLP:GREEN
14.2.1 Bluetooth As An Attack Vector

There have been many noteworthy Bluetooth vulnerability discoveries in recent years, and the sophistication of the attacks will only evolve. 342 Disturbingly, hackers no longer need to be near the devices to carry out their exploits. 343 Bluetooth was designed for short-range communications, but because Bluetooth devices have radios, cyber thieves can exploit a system remotely and then use that system’s Bluetooth interface to launch an attack. In this role, an attacker can not only run these attacks remotely while in proximity, but also conduct them from much further away using low-cost equipment.

14.2.2 Notable Bluetooth Vulnerabilities

Because attackers can carry out remote attacks via radio, the increasing threat from Bluetooth devices to network security is a top concern for security teams. Here are the top eight recent Bluetooth vulnerability discoveries 344 that organizations have had to address:

14.2.2.1 BIAS (Bluetooth Impersonation Attacks)

Earlier this year, a new Bluetooth flaw dubbed BIAS was discovered with the potential to expose billions of devices to hackers. BIAS allows cyber-criminals to create an authenticated Bluetooth connection between two paired devices without needing a key. 345 The attacker can take over communication between the two devices by impersonating either end, such as a mouse or a keyboard, giving the intruder inside access to the targeted device. 346 Once inside, the masquerading attacker can then carry out malicious exploits such as stealing or corrupting data. 347

14.2.2.2 BleedingBit

The attacker can use Bluetooth Low Energy (BLE) implementation vulnerabilities for remote code execution 348 and total machine takeover to infiltrate networks. 349

14.2.2.3 BlueBorne

An attacker can use carefully constructed packets to cause buffer overflows 350 which can be exploited for code execution. 351 The attacker can then take over a machine running Bluetooth Classic and use it as a potential entry point for malicious activity. 352

14.2.2.4 Bluetooth Denial of Service (DoS) Via Inquiry Flood

This DoS attack targets BLE devices, running down their batteries and preventing them from answering other requests from legitimate devices. 353 This is particularly concerning for medical devices being used in life-saving situations. 354

14.2.2.5 Fixed Coordinate Invalid Curve Attack

Hackers can crack the encryption key for both Bluetooth and BLE because of subtle flaws in the Elliptic Curve Diffie-Hellman key exchange process. 355 Attackers can imitate devices, inject commands, and penetrate further in search of additional security flaws. 356