Today here, we will be talking about a major malware that has recently affected billions of devices running Android. It is known by “BlueBorne Virus” and below we will get into the details and let you know what it actually is, how it affects Android, and how you can deal with it.
Android has evolved over all these years and so has the malware that affects its core. Every month, we see Google fixing tens and hundreds of vulnerabilities that could potentially risk the Android environment, through the Android Security Bulletin. These vulnerabilities or issues are then patched and delivered to the devices via OTA updates.
But fixing and patching these is not an easy task, it follows a long process. Starting from discovering these patches, which are either found by Google itself, or the information is provided third-party security agencies or developers. Once the issue is found, Google works on it by patching the AOSP code. When it is fixed, the updated code is then compiled and delivered to the users through monthly OTA updates or factory images, followed by OEMs. Then, Google publishes this information on their website to be fetched by the user, listing each and every patch that was discovered and fixed in the last month.
Now, let’s talk about a major malware that recently affected all Android devices – BlueBorne Virus.
Table of Contents
- 1 BlueBorne Virus – What is it & How it affects Android
- 2 How to deal with or fix BlueBorne Virus on Android
BlueBorne Virus – What is it & How it affects Android
“BlueBorne Virus” is the latest and one of major malware that has ever affected Android, which was discovered and brought into the light by “Armis Labs”. Armis is a well-reputed security agency that finds blind spots/loopholes in the IoT technology used worldwide.
Armis recently discovered this new attack vector which affects all the devices using Bluetooth on major operating systems including Android, iOS, Linux, and Windows. Since Bluetooth is a technology that has high privileges over the complete operating system, attacking it is the most productive way to take complete control over a device. And since the technology is airborne, the malware could be easily spread over to all short-range Bluetooth devices near the affected piece. BlueBorne allows the attacker to take advantage of Bluetooth enabled devices to take complete control over the device, exploit it, fetch network information, execute remote code, and spread this malware constantly over to nearby devices that also use Bluetooth.
The attack vector is so efficient that it does not spare a single device. So any phone, tablet, or wearable device that runs on Android and uses the Bluetooth functionality is at high risk at all times until a fix is applied.
BlueBorne Security Patch Update in September
As of now, the security firm has provided eight vulnerabilities that are related to BlueBorne Virus, of which four are tagged as critical and require fixing at the earliest basis.
The BlueBorne security patch update is now included in September 4 security patches, as submitted by Ben Seri and Gregory Vishnepolsky of Armis, Inc. The four vulnerabilities that affect Android system are listed below.
The top-level vulnerability that is intended to cause the BlueBorne virus attack on a device. It practically allows the attacker to take leverage over one and all of the following vulnerabilities to gain access, execute remote code, and perform other malicious attacks on the device. It uses the Service Discovery Protocol (SDP) that is responsible for discovering Bluetooth enabled devices nearby. This vulnerability also allows the hacker to intercept encryption keys from the affected device and keep a complete tap over all the Bluetooth communications that are going on.
This vulnerability is found in Bluetooth Network Encapsulation Protocol (BNEP) that is responsible for sharing Internet over Bluetooth, also known as “Bluetooth Tethering”. It allows the hacker to execute remote code on any affected Android device, thus having complete control and also enables him to trigger a memory corruption. Since there is no proper authorization method implemented in BNEP, the attacker could access and execute code, without even the notice of user.
The next vulnerability is very identical to CVE-2017-0781 but works at an even higher level of BNEP. It makes use of the Personal Area Networking (PAN) service that allows users to establish a network connection between two devices over IP address. In this, the memory corruption is higher, but it still could be taken advantage of, to take complete control over a device.
This vulnerability is caused by a rather different attack method, known as “Man-in-The-Middle” attack. It allows the hacker to intercept all the ingoing and outgoing data on a device. He could leverage the PAN profile to inject malicious code, re-configure the IP network, and also enable device’s data transmission over a malicious network interface.
On the prime line, the BlueBorne Security Patch Update will fix all the four vulnerabilities on the Nexus and Pixel devices that are supported to receive monthly security updates. The vulnerabilities and related patches have also been shared with major Android OEMs so that all the OEM devices could receive the BlueBorne security patch update.
How to deal with or fix BlueBorne Virus on Android
Now that you are well aware of how infectious and dangerous this attack could be, it is the best time to deal with BlueBorne Virus and prevent your Android smartphone, tablet, or wearable device from being attacked, if it not has already been ambushed by an attacker.
Step 1: Detect if your device is affected/vulnerable to BlueBorne
The foremost step you should take is to find out if your Android device. This could be done by using an app published by Armis Inc. themselves. It is known as “BlueBorne Vulnerability Scanner by Armis” and is already available on Google Play. The app is designed to effectively scan your device if it is vulnerable to an attack. It also scans nearby Bluetooth enabled devices and lets you know if they are affected as well.
So, download the app on your Android: Get BlueBorne Vulnerability Scanner by Armis on Google Play
Once the app is installed, launch it from the app drawer. The default screen shall be ready for you to scan your own device for BlueBorne vulnerability. So press the “TAP TO CHECK” button. You will be prompted by a message to help the research community by sharing the data, so tap on “ALLOW”.
The scanning shall start and will show you the results in a few seconds. If the results show “You are Safe!”, that means no further action is required from your end and your device is secure from the BlueBorne Virus. Now go ahead and tap on “CHECK DEVICES AROUND ME” to see if a vulnerable device is present nearby
Now go ahead and tap on “CHECK DEVICES AROUND ME” to see if a vulnerable device is present nearby that could also affect your device. You will need to grant location permissions, so allow tit. The app will run the scan and display any affected devices with red dots. You can further click on these dots to know the severity, device name, and MAC address.
If these red dots/devices are those of your fellow mates or family, it is best to proceed with the next step.
Step 2: Install latest BlueBorne Security Patch Update on your Android
If through the above scan, you received a message saying “Your Device is Vulnerable” that means your device can be attacked freely through the available blind spots, which are not yet fixed.
You can begin by checking out if your device has an available update. To see for that, go to Settings > System > System update and tap on “Check for update”. The other way to check it is to go to Settings > System > About phone and view the “Android Security Patch Level”, which should be updated as for “5 September 2017”.
In case your Android has still not received the BlueBorne Security Patch Update, you shall contact your OEM support for this and let them be aware of the issue, if not yet. Most OEMs including LG and Samsung are already working on delivering this update, so you may expect it pretty soon. We have already seen the fix for OnePlus 3 and 3T through the latest Open Beta update.
Step 3: Last resort, turn OFF Bluetooth
It’s unfortunate that you have to read this step. But in case your device is vulnerable and has yet not received a fix, the best option is to disable Bluetooth functionality. Since the attack requires your device to have enabled Bluetooth, it could be prevented by simply turning OFF Bluetooth until there’s a real fix for your device. We understand that this could be an inconvenience to you, but is a working defensive measure against the attack. You might not be able to play songs in your car or Bluetooth speakers for some time, but that is a compromise you will have to make to secure your Android.
To turn off Bluetooth, go to the Settings > Connected devices > Bluetooth and turn off the toggle. Trust me, this is the best for you.
Okay, so there you have it. We believe we have laid down all the necessary details regarding the BlueBorne Virus attack, how it affects your Android device, and what the current ways to deal with it. If you further have any questions, you can ask us.
Source: Armis Inc.