
BlueBorne Attack Vector

BlueBorne is a recently published attack vector that exploits security gaps in Bluetooth classic connections and can be used to execute malicious code on affected devices. More details about the specific vulnerabilities can be found below.

Effect on Microchip Products

Products that have no vulnerabilities

  • IS200x
  • IS201x
  • S202x
  • IS206x
  • IS208x
  • IS167x
  • IS187x
  • BM2x
  • BM6x
  • BM7x
  • RN487x
  • RN467x
  • ATSAMB11
  • ATBTLC1000
  • RN42
  • RN4020
  • RN41

Products that require customer attention

The BlueBorne attack vector exploits security gaps in the host Bluetooth stack implementation and is not related in any way to the ATWILC3000 firmware or driver implementation.

Recommended actions

  1. The recommended fix is to patch the Host layers that the attack is using.
  2. On the host BT stack, ensure the device remains in the IDLE state by never enabling Page/Inquiry scan and by never initiating any Bluetooth connection, since either would put the device into the Page/Inquiry states.
  3. A new firmware release (15.01) is planned that will disable Bluetooth classic operation and ensure these vulnerabilities can’t be exploited. Estimated date: 01/2018.

Detailed description

BlueBorne targets vulnerabilities in the Android (BlueDroid) and Linux (BlueZ) Bluetooth stack implementations that allow RCE (Remote Code Execution) on the host within a highly privileged process and/or kernel space. The BlueBorne attack vector exploits the following eight vulnerabilities in the host Bluetooth stack implementation and is not related in any way to the Microchip Bluetooth device firmware or driver implementation.

Vulnerabilities identified

  1. Linux kernel RCE vulnerability – CVE-2017-1000251
  2. Linux Bluetooth stack (BlueZ) information leak vulnerability – CVE-2017-1000250
  3. Android information leak vulnerability – CVE-2017-0785
  4. Android RCE vulnerability #1 – CVE-2017-0781
  5. Android RCE vulnerability #2 – CVE-2017-0782
  6. The Bluetooth Pineapple in Android, logical flaw – CVE-2017-0783
  7. The Bluetooth Pineapple in Windows, logical flaw – CVE-2017-8628
  8. Apple Low Energy Audio Protocol RCE vulnerability – CVE-2017-14315


Recommended actions

  • The correct and recommended fix for this attack is to patch the Host layers that the attack targets.
  • SMP (Security Management Protocol): exposed services can limit access to their features to fully paired (authenticated) devices. ‘Just Works’ mode is essential for devices with no IO capabilities, but it marks the connected device as unauthenticated, so that access to unintended services is prohibited. Service implementers should be aware of the access permissions of the different features.
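
To make the SMP point above concrete, here is an added example (not Microchip's or any Bluetooth stack's code) that models the LE security level a pairing produces and a service's per-feature minimum level, so that a device paired via ‘Just Works’ is refused features reserved for authenticated peers. The feature names and the levels assigned to them are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class SecurityLevel(IntEnum):
    """LE Security Mode 1 levels as defined in the Bluetooth Core specification."""
    NONE = 1             # no encryption, no authentication
    UNAUTHENTICATED = 2  # encrypted, key from Just Works (no MITM protection)
    AUTHENTICATED = 3    # encrypted, key from Passkey Entry / Numeric Comparison / OOB
    SECURE_CONN = 4      # authenticated pairing using LE Secure Connections


# Level of the key produced by each association model. Just Works is what a
# device with no IO capabilities ends up with, and it never authenticates the peer.
ASSOCIATION_LEVEL = {
    "just_works": SecurityLevel.UNAUTHENTICATED,
    "passkey_entry": SecurityLevel.AUTHENTICATED,
    "numeric_comparison": SecurityLevel.AUTHENTICATED,
    "oob": SecurityLevel.AUTHENTICATED,
}


@dataclass
class Link:
    paired_with: Optional[str] = None  # association model used, None = not paired
    secure_connections: bool = False   # pairing used LE Secure Connections

    @property
    def level(self) -> SecurityLevel:
        if self.paired_with is None:
            return SecurityLevel.NONE
        lvl = ASSOCIATION_LEVEL[self.paired_with]
        # Only an authenticated pairing is upgraded to level 4 by Secure Connections;
        # Just Works stays unauthenticated even with Secure Connections.
        if lvl == SecurityLevel.AUTHENTICATED and self.secure_connections:
            return SecurityLevel.SECURE_CONN
        return lvl


# Hypothetical service policy: the minimum level each feature requires.
FEATURE_POLICY = {
    "device_name": SecurityLevel.NONE,
    "battery_level": SecurityLevel.UNAUTHENTICATED,
    "factory_reset": SecurityLevel.AUTHENTICATED,
    "firmware_update": SecurityLevel.SECURE_CONN,
}


def access_allowed(feature: str, link: Link) -> bool:
    """Fail closed: unknown features are denied, known ones need the link's level to suffice."""
    required = FEATURE_POLICY.get(feature)
    return required is not None and link.level >= required
```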

For more information visit the BlueBorne website.