Blueborne: The New Airborne Attack Vector Could Affect 8.2 Billion Devices

Blueborne: The New Airborne Attack Vector Could Affect 8.2 Billion Devices

"Companies don't monitor these types of device-to-device connections in their environment, so they can't see these attacks or stop them", Armis CEO Yevgeny Dibrov said in a statement.

Armis, which has a commercial stake in the IoT security space, warned that the attack vector can be exploited silently.

Most attack vectors require a user to click on a malicious link or download a file containing a payload.

Exploiting the flaws relies on bypassing various authentication methods to take over a device.

When it comes to the Blueborne attacks, the specific vulnerability in this case does vary depending on the system.

"For attackers it's Candyland", says David Dufour, the vice president of engineering and cybersecurity at the security firm Webroot.

When Bluetooth is on in a device, it is constantly open to and waiting for potential connections.

There are several popular phones, which include the Samsung Galaxy devices and Google's Pixel are also found vulnerable, where the BlackBerry phones as well as many other Android devices have been found with the risk of vulnerability.

Anxious your device might be vulnerable? The devices with older versions of Android and Linux could be Vulnerable.

The "BlueBorne" flaws would allow a virus to leap from device to device, regardless of the operating system being used.

Linux updates are still required, meaning any Tizen OS-powered device - such as the Samsung Gear S3 or its range of Smart TVs - are vulnerable. As he makes deliveries to different locations, including relatively secure ones such as banks, BlueBorne is able to spread to multiple Bluetooth devices. The vulnerability affects devices on most operating systems, including those run by Google, Microsoft and Apple. In fact, this attack requires no user interaction at all.

Armis security has identified a new vulnerability in computers and mobile devices that leaves them susceptible to attack via Bluetooth. However, Android's implementation also has an information leak flaw and two remote code execution vulnerabilities.

Now for the good news.

Microsoft has begun sending out security patches to all Windows versions as of 10 a.m., September 12, putting the details available online. The majority of newer phones, tablets, and some computers have already been fixed. "We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates".

Microsoft has released the fix through their Patch Tuesday update on September 12. Windows Phones are not affected.

Armis also said that Bluetooth software offers a larger attack surface than Wi-Fi software does, especially since it's been largely ignored by the security community until now.

The nine vulnerabilities discovered by Armis are now functional and can be fully exploited.

The security firm also said that BlueBorne is based on the vulnerabilities found in the various implementations, and it's anxious that other vulnerabilities may exist on other Bluetooth-connected platforms that it hasn't yet tested. Turns that Bluetooth into a rotten black one. "We feel that there are potentially other stacks affected by similar issues, but future research needs to be done to determine this".

Related News: