Blueborne Bluetooth Export

Security is one of the most important topics we discuss here at Android Unfiltered. Just ask the folks at Equifax, if you don’t believe me.

And now, according to the security firm, Armis Labs, there’s yet another risk we need to look out for. The new vulnerability, known simply as BlueBorne, is a major threat to just about anyone using any type of modern technology.

 

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device or even to be set on discoverable mode.

How BlueBorne works

BlueBorne is nefarious in many ways. It spreads through the air and targets the only area in your network that no security measures to date protect: your Bluetooth devices. It spreads from device to device through the air, making it highly infectious.

To make matters worse, the Bluetooth process has high privileges on all operating systems. As such, exploiting said process provides the attacker with full control of the infected device.

Do I need to keep going to let you know that the risk is real here? Here’s a video that shows exactly how the attack plays out on a Google Pixel smartphone. Perhaps this will sway you if your answer to my previous question was “yes”.

Who does BlueBorne affect?

In short: pretty much everyone. If you’re reading this now, there’s a good chance you own at least one Bluetooth device.

The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use. This means almost every computer, mobile device, smart TV or other IoT device running on one of these operating systems is endangered by at least one of the eight vulnerabilities. This covers a significant portion of all connected devices globally.

What can you do to protect yourself?

Again, the short and sweet answer here is: turn your Bluetooth off when you’re not using it. But what about when you ARE using it?

Current security measures, including endpoint protection, mobile data management, firewalls, and network security solutions are not designed to identify these type of attacks, and related vulnerabilities and exploits, as their main focus is to block attacks that can spread via IP connections.

Be safe out there, kids. Your personal information is valuable. If you don’t think it is, someone else with evil intentions will.

Source: Armis Via: LifeHacker