Online Super-Weapon Flame Could Track Targets, Map Locations And Steal Data Via Bluetooth

Bluetoothache: Super-Weapon 'Flame' Could Track And Steal Data Via Bluetooth

The online 'super-weapon' known as Flame was able to control Bluetooth chips on infected computers, enabling it to track nearby devices - and potentially locate high-priority targets, according to a security firm.

On Friday it was announced that Flame is the first Windows-based malware ever to use Bluetooth, according to the security firm Symantec, which announced its discovery on Monday.

Symantec said the exact use of Flame's Bluetooth component remains a mystery, but that three theories had emerged.

The first could see the controller of the virus "mapping infected users' social and professional circles" by cataloguing the other Bluetooth-enabled devices encountered nearby.

Through this the attacker could build a map of the target's friends and professional contacts.

In the second scenario, the controller could "identify the physical locations of infected users to determine their proximity to high-priority targets", said Symantec, adding that those could be other individuals or computing systems.

The attacker could also use Bluetooth as a way to map a physical location, determining exactly where the infected computer is and who is nearby.

Bluetooth monitoring devices could then be placed in airports, train stations, or any other hub, and "listen" for an infected or known device - making tracking much easier.

Third, it is possible Flame could "target other Bluetooth devices within range to steal information off them, use them to eavesdrop or leverage their data connections to exfiltrate already-stolen data".

In a detailed blog post on its website, Symantec Security Response said the Bluetooth element of Flame was further proof it was an "exceptional" attack.

Countries with developed infrastructure - including the UK - are thought to be most vulnerable to the weapon, which has reportedly hit more than 600 specific targets.

Others known to have been affected include Sudan, Syria, Lebanon and Saudi Arabia.

Symantec told the Huffington Post that only a government could be responsible for the attack, but exactly who is behind it remains unknown.

Orla Cox, senior manager at Symantec Security Response, told the Huffington Post that the level of professionalism involved in the attack was unprecedented.

"I think it would be hard to say that anyone other than a nation state would be behind it," Cox said. "You're looking at a well organised, well funded group."

On Friday it was reported that President Obama had secretly ordered a wave of "increasingly sophisticated attacks" against Iran and its nuclear program.

The New York Times said that Obama accelerated the attacks against Iran's nuclear facilities, adding that the program was code-named 'Olympic Games'.

The Times said that even after the Stuxnet worm - a computer virus targeting Iran's Natanz nuclear research plant - went public after a programming error, Obama continued to ramp up the attacks.

There is currently no link between Flame and any specific government, group or agency.