Flame's Bluetooth functionality could help spies extract data locally, researchers say

Attackers could pinpoint the physical location of infected computers using Flame's Bluetooth functionality

The Bluetooth functionality of the Flame cyberespionage malware could potentially be used to pinpoint the physical location of infected devices and allow local attackers to extract data if they get in close proximity to the victims, according to security researchers from antivirus vendors Symantec and Kaspersky Lab.

Flame can leverage an infected computer's Bluetooth capability, to scan for other nearby Bluetooth-enabled devices like mobile phones, Kaspersky Lab researchers said in their initial Flame report published on Monday.

This functionality is present in a Flame module called BeetleJuice, security researchers from Symantec said in a blog post on Thursday. "When a device is found, its status is queried and the details of the device recorded--including its ID--presumably to be uploaded to the attacker at some point."

This information could be used to determine the social and professional circles of victims over time by looking at what Bluetooth devices their computers detect on a regular basis, the Symantec researchers said.

Flame-infected computers can also act as Bluetooth beacons, allowing other Bluetooth devices to discover them. When acting as beacons, the infected computers indicate that they have the Flame malware installed on them through a special description field.

This feature could potentially help local attackers physically locate Flame-infected computers inside a building in order to directly extract information from them if, for some reason, that information cannot be obtained over the network, Vitaly Kamluk, chief malware expert at Kaspersky Lab, said on Tuesday.

There might even be a Flame feature that allows such data extraction to occur over Bluetooth, but no technical evidence of this functionality has been found yet, Kamluk said. Such an attack would have the benefit of bypassing any network-level firewalls and security controls, the Symantec researchers said.

"It is possible that there is undiscovered code within W32.Flamer which already achieves some of these goals," the Symantec researchers said. "For example, although we have not found network code near the 'beacon' code, one compromised computer may connect to another computer using Bluetooth."

Most security researchers agree that Flame was likely created by a nation state for espionage purposes and that its primary targets were organizations and individuals from Iran and other countries in the Middle East.

If that theory is correct, it would be fairly reasonable to assume that such a nation state could also have intelligence assets or operatives in those regions, who could get physically close to the victims in order to interact with their Flame-infected laptops via Bluetooth.

There are precedents for nation states' involvement in malware attacks on Middle East countries. A report in The New York Times Friday said that U.S. President Barack Obama ordered the Stuxnet cyberattacks on Iran in order to damage the country's nuclear program.

Some Bluetooth attacks don't even require close proximity to the target. Back in 2004, at the Defcon hacker conference, researchers showcased a sniper-rifle-like device that could connect to regular Bluetooth-enabled mobile phones from over one kilometer away.

Another use for the Bluetooth functionality in Flame could be to eavesdrop on private conversations, the Symantec researchers said. "Connect a compromised computer to a nearby device and enable handsfree communication. When the device is brought into a meeting room, or used to make a call, the attackers could listen in."

All of these theories describe practical attacks that would be well within the capabilities of skilled attackers, like the ones who created Flame, the Symantec researchers said. "W32.Flamer is possibly the only Windows based threat we have encountered which uses Bluetooth."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Bitdefender 2019

This Holiday Season, protect yourself and your loved ones with the best. Buy now for Holiday Savings!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?