BlueBorne Threatens Billions of IoT Devices with Complete Takeover

Share

"Previously identified flaws found in Bluetooth were primarily at the protocol level", he added.

In short, install the latest updates for everything, and unless you're sure that your devices have been updated with a fix, it might be a good idea to turn off Bluetooth for now.

Zack Whittaker, security editor for ZDNet, had this to say about its nature. "It's a hop, skip, and a jump to start doing bad stuff". Given BlueBorne's widespread threat profile, Armis Labs took it upon itself to notify some of the biggest tech manufacturers about the attack vector and the eight zero-day flaws of which it consists.

Of the 2 billion devices using Android, about 180 million are running on versions that will not be patched, according to Armis. Microsoft is planning to roll out security patches today that address the issue, so be on the lookout for your particular version of Windows. Dubbed BlueBorne, it affects almost all devices with Bluetooth capabilities, including smartphones, TVs, laptops, watches, smart TVs and some automobile audio systems. However, the company still warns users who are on older versions of iOS that they're at risk. Or even if they do, they rarely receive them in practice.

Naturally, the discovery of the vulnerabilities was shared months ago with the likes of Google, Microsoft, Apple, Samsung, and the Linux kernel security team.

Discovered by Armis Labs, this new threat applies to mobile phones, computers, and IoT devices. "Our assumption is there are probably a lot more". The researchers have informed Microsoft, Google, Linux, and Apple about the new "BlueBorne" attack, and some of these companies have even rolled out patches for it. This means a Bluetooth connection can be established without pairing the devices at all. Now all of them are open to attack simply by just being there and being enabled, allowing hackers to easily take control of a device and, consequently, of other devices connected to it.

Apple Watch Series 3 launched with LTE, GPS and more
The watch will allow you to play 40 Million songs right off your wrist which you can listen to via the earpods. Users will be able to add their Watch 3 to their iPhone plan, meaning both devices will share the same number.

Mike Myers In Talks To Join Queen Biopic 'Bohemian Rhapsody'
Fox and New Regency are making Bohemian Rhapsody , and with Graham King and his GK Films producing with Tribeca and Queen Films. The movie reportedly chronicles the band's years leading up to that Live Aid performance, which revitalized Queen's career.

Yankees' Sonny Gray pays for mistakes with lack of support
Maybe the online tough guys had their moment, but Sabathia had the last laugh, pitching well and well past his prime. The weather was ideal , not hot enough to make the hulking pitcher burn out, not too cold to make him cool off.

BlueBorne targets computers, mobile phones, smart TVs, digital assistants, smartwatches, sound systems, and medical devices.

Bluetooth is a wireless communication protocol for connecting devices over short ranges. It spreads locally via Bluetooth, and the hacker does not need to pair with the device to infect it. Such an attack could also be spread quickly by transmitting the malicious exploit from device to device through Bluetooth connectivity.

And that is a fitting segue to this week's news about devices with Bluetooth capabilities. BlueBorne does not even require an Internet connection.

"I hope our efforts with BlueBorne help other researchers examining Bluetooth implementations see what potential issues need to be looked at", Seri said.

The Bluetooth attack is nearly similar to WiFi and Router attacks, Bluetooth devices inherently have higher levels of privileges in most of the operating systems, therefore, the attack is lethal and can be executed without any input from the user.

"In some areas the Bluetooth specifications leave too much room for interpretation, causing fragmented methods of implementation in the various platforms, making each of them more likely to contain a vulnerability of its own", the company said.

Share