When is the Cost of Convenience too High?

There’s a Bluetooth hack afoot, and it’s devious. It only needs Bluetooth to be on to take pictures of you with your phone without your knowing it. This is based on a Bluetooth BlueBorne demo on YouTube from Armis.com. All you have to do is have Bluetooth on and be in the vicinity of another Bluetooth device that’s under the control of a hacker. You do not have to be in Discovery mode (trying to pair a new device); you only have to have Bluetooth on. Bluetooth doesn’t have a WEP key like Wi-Fi; you just have to consent to pairing with a device, and consenting to pair your phone with a Bluetooth device hasn’t required a password. I suppose the point was that to hack into a smartphone via Bluetooth, you would need to actively consent from the smartphone to pair with a hacked Bluetooth device. BlueBorne doesn’t need a pairing attempt; it just needs Bluetooth to be turned on.

The latest attack vector uses Bluetooth with a very broad path of potential destruction. BlueBorne™ exposes Linux, iOS, Android, and Windows on mobile, desktop, and IoT platforms. According to a recently released report from Armis, “BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode.” Apparently, 8.2 billion devices are at risk.

I know, you’re saying, “Not another one!” But this, my friends, is the price of technology. The same devices that allow unprecedented productivity and access to instant information can also be exploited. What’s funny, and I don’t mean ha-ha funny, is that I just recently adopted Bluetooth when I got a new car that automatically connects my Android phone to my car speaker system. My early foray into Bluetooth-land ended in disgust as it randomly failed to connect. Five years later, I gave it another shot and was quite impressed. Now I am wondering how the car’s Bluetooth works: is it a peripheral like a headset, or is it more like a smartphone? And how can I turn it off? Is my car vulnerable to anyone in a parking lot with a laptop? Yes. Is there a firewall between my infotainment center and the other numerous ECUs in the car (e.g., steer-by-wire, ABS, airbag, etc.)? Can you even buy a new car that doesn’t have Bluetooth anymore?

Most mechanics don’t know how to do anything with the infotainment system; it’s a fire-and-forget kind of feature that gets upgraded when you buy a new model. The software in a car can run into a million lines of code or more and isn’t really a car manufacturer’s core competency. As one example, check out the car acceleration issue that Professor Phil Koopman of Carnegie Mellon U. covers in the Bookout v. Toyota case, where stack overflow caused unintended acceleration. Unintended acceleration caused by millions of lines of code and software that lacks hardware safety overrides is “definitely a thing,” according to Koopman per a Consumer Affairs article, although the acceleration is quite rare. The level of cybersecurity hacks afoot in our hyper-connected modern times shows the ugly side of humanity on a new level. As highway robbers were common to stagecoaches, we now have hackers in common with anything that is connected. The internet puts us in reach of tools that are maintained halfway around the world, but it also puts crooks within touching distance of our online lives. What’s online? Finances, healthcare records, school and property records, a lifetime of photos and correspondence, a multitude of applications, and the Internet of Things (IoT). Last July, hackers stole 143 million people’s identities from Equifax. Bluetooth is hackable, too.

How does BlueBorne work?

There’s a vulnerability in the implementation of the Bluetooth protocol that the hacker exploits. A hacker just needs to locate an active Bluetooth device nearby. The hacker can find Bluetooth devices even if they are not in pairing or “discovery” mode; they only need to have Bluetooth turned on. The hacker uses Bluetooth to get the MAC address of the device and to find out which operating system it’s using, so the exploit can be matched to the OS. Hackers can go on to mount a Man-in-the-Middle attack (with total control over communication) or take total control of the device to do anything from taking surreptitious photos to key-logging.

For now, the solution is to turn off Bluetooth when out in public until there’s an update that plugs the hole. For phones, one can try using an iPhone with the iOS 10 operating system, which is purportedly immune.
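For readers who want to verify the “turn it off” advice on a Linux laptop rather than trust the status-bar icon, here is a small added example (not part of the original post or of Armis’s material). It assumes the util-linux `rfkill` tool and its classic `rfkill list` output format; the sample output embedded below is constructed so the check can be exercised offline, and `bt_block` is a hypothetical helper name that simply wraps `rfkill block bluetooth`.

```shell
#!/bin/sh
# Added example: report whether the Bluetooth radio is enabled and, on request,
# soft-block it. Assumes util-linux rfkill; parsing targets `rfkill list` output.

# Constructed sample of `rfkill list` on a laptop with Wi-Fi and Bluetooth on.
SAMPLE_RFKILL='0: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: no
1: hci0: Bluetooth
	Soft blocked: no
	Hard blocked: no'

# bt_state: read `rfkill list` output on stdin and print one word:
#   on   - a Bluetooth radio exists and is neither soft- nor hard-blocked
#   off  - a Bluetooth radio exists but is blocked (disabled)
#   none - no Bluetooth radio was listed at all
bt_state() {
  awk '
    /: Bluetooth$/            { inbt = 1; found = 1; next }   # start of a Bluetooth entry
    /^[0-9]+:/                { inbt = 0 }                    # any other device entry
    inbt && /Soft blocked: yes/ { blocked = 1 }
    inbt && /Hard blocked: yes/ { blocked = 1 }
    END {
      if (!found)      print "none";
      else if (blocked) print "off";
      else              print "on";
    }'
}

# bt_block (hypothetical helper): disable every Bluetooth radio until re-enabled.
# Not called automatically; run `bt_block` yourself when you want the radio off.
bt_block() {
  rfkill block bluetooth
}

# Live check when rfkill is available, otherwise demonstrate on the sample.
if command -v rfkill >/dev/null 2>&1; then
  echo "Bluetooth radio (live): $(rfkill list 2>/dev/null | bt_state)"
else
  echo "Bluetooth radio (sample): $(printf '%s\n' "$SAMPLE_RFKILL" | bt_state)"
fi
```

If the check prints `on` while you are out in public, `bt_block` (or `rfkill block bluetooth` directly) turns the radio off until you unblock it; a hard block means a physical switch or BIOS setting is already holding it off.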