Over 5 Billion Bluetooth-Enabled Devices are vulnerable to a new attack vector called “BlueBorne”

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn13

Security researchers from Armis have discovered a new Bluetooth vulnerability that could probably expose billions of devices to remote attack. They called the attack “BlueBorne“.

The attack doesn’t need device victims to click on any links, connect to a rogue Bluetooth device, or take any other step. The exploit process is generally so quickly, needing no more than 10 seconds to perform, and it runs even when the targeted machine is already connected to another Bluetooth-enabled device.

According to the Armis Labs:
Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spreads via the air and attacks devices via Bluetooth. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware to other devices. “

The attack does not need the targeted machine to be set on discoverable mode or to be paired to the attacker’s device. In addition, the targeted user is not asked to authorize or authenticate the connection to the attacker’s device.

The easiest way to protect yourself is to turn Bluetooth off, but since mobiles are still vulnerable when they are connected to a Bluetooth device, the only suggestion is not to use Bluetooth at all. Also, you can check if the device is vulnerable or not by downloading the BlueBorne Android App from the play store.

 

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn13

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Leave a Reply