Flame's Bluetooth functionality could help spies extract data locally, researchers say
Attackers could pinpoint the physical location of infected computers using Flame's Bluetooth functionality
IDG News Service - The Bluetooth functionality of the Flame cyberespionage malware could potentially be used to pinpoint the physical location of infected devices and allow local attackers to extract data if they get in close proximity to the victims, according to security researchers from antivirus vendors Symantec and Kaspersky Lab.
Flame can leverage an infected computer's Bluetooth capability, to scan for other nearby Bluetooth-enabled devices like mobile phones, Kaspersky Lab researchers said in their initial Flame report published on Monday.
This functionality is present in a Flame module called BeetleJuice, security researchers from Symantec said in a blog post on Thursday. "When a device is found, its status is queried and the details of the device recorded--including its ID--presumably to be uploaded to the attacker at some point."
This information could be used to determine the social and professional circles of victims over time by looking at what Bluetooth devices their computers detect on a regular basis, the Symantec researchers said.
Flame-infected computers can also act as Bluetooth beacons, allowing other Bluetooth devices to discover them. When acting as beacons, the infected computers indicate that they have the Flame malware installed on them through a special description field.
This feature could potentially help local attackers physically locate Flame-infected computers inside a building in order to directly extract information from them if, for some reason, that information cannot be obtained over the network, Vitaly Kamluk, chief malware expert at Kaspersky Lab, said on Tuesday.
There might even be a Flame feature that allows such data extraction to occur over Bluetooth, but no technical evidence of this functionality has been found yet, Kamluk said. Such an attack would have the benefit of bypassing any network-level firewalls and security controls, the Symantec researchers said.
"It is possible that there is undiscovered code within W32.Flamer which already achieves some of these goals," the Symantec researchers said. "For example, although we have not found network code near the 'beacon' code, one compromised computer may connect to another computer using Bluetooth."
Most security researchers agree that Flame was likely created by a nation state for espionage purposes and that its primary targets were organizations and individuals from Iran and other countries in the Middle East.
If that theory is correct, it would be fairly reasonable to assume that such a nation state could also have intelligence assets or operatives in those regions, who could get physically close to the victims in order to interact with their Flame-infected laptops via Bluetooth.
There are precedents for nation states' involvement in malware attacks on Middle East countries. A report in The New York Times Friday said that U.S. President Barack Obama ordered the Stuxnet cyberattacks on Iran in order to damage the country's nuclear program.
- DOJ's charges against China reframe security, surveillance debate
- Hacker indictments against China's military unlikely to change anything
- U.S. to formally accuse Chinese military of hacking
- Cyberattacks could paralyze U.S., former defense chief warns
- The NSA blame game: Singling out RSA diverts attention from others
- Jury still out on FISA court
- Suspected China-based hackers 'Comment Crew' rises again
- Chinese hackers master the art of lying in wait
- Spy court OK'd all U.S. wiretap requests it received in 2012
- Groups denounce FBI plan to require Internet backdoors for wiretaps
- Learn More About Peer 1 Hosting's Mission Critical Cloud Mission Critical Cloud from Peer 1 Hosting is enterprise-ready, creating a perfect point of adoption whether you need an off-premise solution for development
- What Makes a Cloud Solution Truly Enterprise-Grade? Future enterprise cloud capabilities will evolve from five core elements...
- Mission Critical Cloud Powers Freesat Website, Mobile App When subscription-free satellite TV service Freesat needed a scalable, cost-effective infrastructure it found the disaster recovery and security features it needed with Peer...
- Bring Your Own Device: From Security to Success Download this e-Book to learn best practices for executing a BYOD policy.
- Live Webcast 5 Steps to Assuring Quality of Experience In order to align monitoring and management practices with the true demands of the business, IT professionals must expand beyond traditional comfort zones...
- Live Webcast Master the Changing SAP Landscape with Performance Management SAP landscapes are not getting simpler. Gradually, business processes that used to be contained on a single SAP system now involve a range...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade.
- Peer 1's Mission Critical Cloud: Your Cloud, Your Way Peer 1 Hosting's Mission Critical Cloud offers the ultimate in flexible customization of infrastructure, resources and support. All Topic Center White Papers | Webcasts