A new Bluetooth vulnerability has been detected by security company Armis in mobiles, as well as computers. This vulnerability leaves the device open for hackers to attack the system via Bluetooth. Armis has named this vulnerability "BlueBorne.” The exposure on the mobile or computer system will allow a hacker to access the devices via Bluetooth without the need to pair with it.
The hackers are easily able to establish a connection with the device over the air and access the computer or mobile’s system. While the security company alerted most parties affected by this vulnerability in April, as of now the targets are mostly Android-run devices.
BlueBorne: how does it work?
According to a Life Hacker report, which cites Armis Security, BlueBorne is a hacking method where the Bluetooth is used by the hackers to gain access and establish control over a targeted devices’ systems. The security firm states that BlueBorne can be used to access a range of devices such as smartphones, computers, and IoT devices.
If a device comes with Bluetooth connectivity feature, the hackers can access the device’s system. This mode of attack does not require pairing of devices or even Bluetooth to be set on discoverable mode. Armis has been able to identify eight zero-day vulnerabilities so far, which given researchers an idea of how the attack will be carried out, as well as the potential of the mode of the breach. However, the firm believes that many more pathways that are yet to be discovered exist and can be used to breach into the systems.
What is at risk with the BlueBorne attack vector?
To make people aware of this newly-discovered vulnerability, Armis reveals in a post on its website that this mode of attack comes with several qualities, which if combined will have a disturbing effect on a device’s system.
The company states that BlueBorne identifies the weakest link in a network’s defense system and targets that particular area to gain control. The vector attack finds connections that no security measure can protect giving it a smooth passageway into the system. Moreover, BlueBorne is highly infectious, especially when it extends its reach from one device to the other, over the air.
Bluetooth is always given additional privileges on all operating systems, be it mobile or computer. Thus, establishing a connection using Bluetooth connectivity would give hackers full virtual control over the device.
iOS, Windows, and Android affected by BlueBorne
Amis Security states that the vector attack has till date affected devices running on Android, iOS, Windows, and Linux.
The company states that samsung galaxy, Google Pixel, Samsung Galaxy Tab, LG Watch Sport are some of the impacted devices. Apart from Android, all iPads, iPhones, and iPod Touch systems running on iOS 9.3.5 and lower can be attacked using this attack mode.