BlueBorne News: Bluetooth Devices at Risk From New Attack That Can Spread Like an Airborne Disease
Recent security findings say there is an active attack vector that can virtually spread through the air like a disease and hack Bluetooth devices.
Armis Labs was the first security firm to report on the new attack vector they named BlueBorne. Simply put, the BlueBorne may be used by hackers to breach any device that has a Bluetooth connectivity feature.
With that, it is safe to say that all desktops and mobile devices around the world with Bluetooth capabilities is a target. According to Bluetooth's official website, there are at least 8.2 billion machines supporting the connectivity feature. It is in computers, smartphones, tablets, wireless speakers and headphones, wearable devices, home appliances, and even in automobiles.
Get Our Latest News for FREE
Once the BlueBorne finds its way in, Armis Labs explained it can "penetrate and take complete control over targeted devices."
Even more worrisome is the fact that BlueBorne can spread even if the target's device is not paired to the attacker's computer. Armis Labs even confirmed that BlueBorne can penetrate a device even if its Bluetooth setting's discoverable mode is disabled. This can be used by any hacker without any kind of user interaction – which makes it more advanced and scarier compared to other known attack vectors.
While the BlueBorne can virtually spread through thin air, Armis Labs maintained that a device without any layer of security remains the narrowest target. The BlueBorne then has the capacity to spread from one device to another, making the hacker's work easier.
Armis Labs added: "Since the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device."
Once the BlueBorne attack vector is inside a device or a network, the hacker can pretty much control and use it for several cybercrimes such as theft, spying, or to spread various types of malware.
Earlier this year, Armis Labs had already contacted technology firms and manufacturers including Google, Micrsoft, Apple, Samsung, and Linux.
According to Armis Labs, of all the companies they notified, they are yet to receive feedback from Samsung. Others have responded for a coordinated public disclosure of the risk. Google and Microsoft have reportedly issued necessary security patches, Apple's current OS versions are safe, and Linux is working on an update release as well.
The general rule to keep devices safer from any attack is to make sure their firmware or operating systems are always up-to-date.
