Over 5 Billion Devices Exposed To BlueBorne Bluetooth Vulnerability
Leaving your Bluetooth on has never been a good idea. And the recent discovery of eight security vulnerabilities in the Bluetooth protocol – which have been dubbed as Blueborne – is sure to increase the already vulnerable technology’s woes. The worse part with BlueBorne vulnerability is that it has the potential to affect all Bluetooth enabled devices. So if yours is a Bluetooth enabled device, then you too can be subjected to the BlueBorne attack.
Armis, the IoT security firm responsible for exposing the vulnerability, has rated all of these 8 security flaws as critical, as they have the potential to allow hackers to take over over devices and execute malicious code, or to run Man-in-the-Middle attacks and intercept Bluetooth communications. The security firm also points out that these security vulnerabilities can be successfully exploited to create a BlueTooth worm as well which could spread itself across the network.
However, creating such a universal worm requires tremendous effort on the part of the hackers, points out Ben Seri, the head of the research team at Armis Labs.
Fortunately, security patches have been released for iPhone and Windows respectively, and Google is expected to release it soon. Linux also has patches available. Therefore the threat this BlueBorne vulnerability poses does not seem large-scale. Moreover, the fact that hackers if they are to make use of these vulnerabilities successfully, should chain together several vulnerabilities and should be in close proximity to the devices, makes BlueBorne attack tough to duplicate in the real world.
Despite the fact that many manufacturers have prepared themselves for this security exploit, Armis researchers estimate that as much as 5.3 billion unpatched devices might get affected if this Blueborne vulnerability is exploited right now by hackers. Nadir Izrael, the CTO of Armis, when questioned to give the reason for predicting such a high number, states that “BlueBorne doesn’t require the user to make a mistake, or have a device in a discoverable mode. All it requires is a device or a user to have Bluetooth on”.
Therefore, as usual, to stay away from the BlueBorne attack, users should update their devices with the latest security patches released by the respective manufacturers. It is being pointed out that all iOS devices with 9.3.5 or older versions and over 1.1 Billion active Android devices running older than Marshmallow(6.x) are vulnerable to the BlueBorne attack. The same is the case for users running a version of Linux as well.
Izrael also points out that this BlueBorne vulnerability could be exploited even further than Armis, the IoT security app, has demonstrated. Therefore the chances of you being affected by BlueBorne are very remote, it’s a good idea to keep the Bluetooth turned off on your device when you are not using it.
Julia Sowells250 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.