At least eight zero-day related vulnerabilities were found on the Bluetooth technology, a major IoT security company revealed. Four of these vulnerabilities are classified as critical, which could lead to major attacks on mobile devices, PCs, and IoT operating systems such as Google’s Android, Apple’s iOS, Microsoft Windows, and Linux.
According to IoT security company Armis Labs, a new Attack Vector called BlueBorne is able to attack interconnected devices using Bluetooth technology. Once attackers are able to penetrate a device using BlueBorne, they can take full control of the devices and laterally spread this malware to adjacent devices with Bluetooth enabled.
Understanding BlueBorne
Based on the research paper released by Armis Labs, hackers can take control the Bluetooth connection of the targeted device using BlueBorne. Once they successfully exploit the device, they can penetrate the operating system, taking complete control of the device.
But more than exploiting the device, there are lots of concerns, especially on how this malware could easily spread. According to Armis Labs, BlueBorne can easily affect PCs and mobile phones since there is no need to pair the device with the targeted device. This means an affected device can exploit another device within range (max at 32-feet) as long as its Bluetooth connection is active.
As per Nadir Izrael, co-founder of Armis, “Just by having Bluetooth on, we can get malicious code on your device.
BlueBorne abuses the fact that when Bluetooth is on, all of these devices are always listening for connections.” Armis Labs explained that through improper validation, BlueBorne is able to manipulate Bluetooth’s tethering feature to share and data and is able to spread data.
The threat of BlueBorne
With a device infected with BlueBorne already vulnerable to attacks, hackers can use this as a means of delivering malware, virus and other hacking means.
This includes cyber espionage, data theft, and even access to sensitive data among other malicious threats.
As the leading and widely used means of transferring data among short-range communications, the threat of a BlueBorne attack puts an estimated 5.3 billion devices at risk, according to tech website WCCFTech. Aside from computers and mobile devices, BlueBorne is expected to exploit TVs, watches, cars, and even medical appliances.
Armis Labs have already coordinated with major players in the industry to prevent this worldwide catastrophe. For Apple users, upgrading to any iOS 10 version will deflect any BlueBorne attacks. Meanwhile, Google and Microsoft have begun releasing security updates, while Linux is already aware of BlueBorne and will soon release the needed update. Samsung has yet to respond, according to Armis Labs.
