Bluetooth hack doesn't require pairing with victims devices — Blueborn

Enlarge Image Armis Labs says more than 5 billion devices are vulnerable to attacks through newly discovered Bluetooth exploits.                  Josh Miller  CNET

The same flaw exists in Windows, Linux, and some versions of iOS.

To get yourself always protected turn off your Bluetooth soon after using it, but using Bluetooth makes it even more vulnerable so the simple solution to protect your device is not to use Bluetooth at all. The flaws aren't in the Bluetooth standard itself, but in its implementation in all sorts of software.

For more on BlueBorne, check out the video below. This means a Bluetooth connection can be established without pairing the devices at all. An attacker can access your computer, phones, and IoT devices. The firm also advised to leave Bluetooth off for protection against such malicious attacks. Also, attacks exploiting them spread through the air, so it's hard to detect them and are highly contagious. Current Apple operating systems are not vulnerable to the attack, but older iOS systems are.

The experts discovered vulnerabilities allowing BlueBorne attacks in several implementations of Bluetooth, including Android, Windows, iOS, and Linux. Once that is known, the attacker can adjust their exploit and use it to create a Man-in-The-Middle attack and control the device's communication, or take full control over the device. Such an attack could also be spread quickly by transmitting the malicious exploit from device to device through Bluetooth connectivity.

Google releases security fixes for its Pixel and Nexus devices every month and also contributes those patches to the Android Open Source Project.

Armis security has identified a new vulnerability in computers and mobile devices that leaves them susceptible to attack via Bluetooth.

Google is still working on getting the September security patches out the door, but it has posted a security bulletin detailing the changes.

Armis Labs said unlike regular cyber-attacks, a BlueBorne attack can target any vulnerable device that has bluetooth. The most serious one in recent years was fixed in the Bluetooth 2.1 protocol. Almost all vulnerabilities found since were of low severity, and did not allow remote code execution. "The research illustrates the types of threats facing us in this new connected age".

The concern, at the level of this fault compared to HeartBleed in that it forced the device has to provide the confidential information concerning and relating to its owner, is linked to the multiplication of connected devices in the Bluetooth as the speakers portable.

Meanwhile, the flaws don't affect any of Apple's products so long as users are running a device with an iOS version above 9.3.5.

"While patches for smartphones, laptops and other internet-enabled devices are relatively easy to push out, for dumber gadgets the same can't be said". The only pre-condition is that Bluetooth needs to be turned on, and then the hacker can easily connect to the device, take control, and spread malware, all of this without ever letting the user know that his device is compromised.

The authors stated that "We hope this paper will be an initial step for a wider and more inclusive audit of the security issues that might lie dormant in the various Bluetooth stacks that are part of the 8.2 Billion Bluetooth devices that are in use today".

Related News: