Blueborne Attacks: Billions Of Devices At Risk From Bluetooth Flaws

A number of significant vulnerabilities discovered by security researchers could have wide-reaching implications for just about every electronic device that allows for Bluetooth connectivity, ZDNet reported.

Researchers at the security firm Armis discovered eight separate flaws in the short-range wireless protocol. The attacks, dubbed Blueborne, could allow for attackers and other malicious actors to gain access to the information and activity of Bluetooth-enabled devices.

Blueborne consists of a number of ways to attack a device, the most serious of which would allow a threat actor to gain control over a Bluetooth enabled device and its data. Such an attack could also be spread quickly by transmitting the malicious exploit from device to device through Bluetooth connectivity.

Other attacks would allow attackers to remotely execute malicious code on the device, which could be used to hijack or corrupt a Bluetooth-enabled device. Another security flaw would allow a threat actor to carry out a man-in-the-middle style attack, giving them the ability to intercept data and communications between Bluetooth-enabled devices.

Blueborne poses a significant risk to both individuals and organizations. The attack can be used to hijack a person’s information, or quickly spread through an environment where there is a number of Bluetooth devices such as an office or school.

Adding to the increasing potential for attack is the fact that just about every electronic device includes support for Bluetooth connectivity. Smartphones and tablets manufactured by every major phone maker from Apple to Samsung as well as computers and other devices that are likely to house sensitive personal or business information are all Bluetooth-enabled.

The growth of the Internet of Things also means there are millions of other devices that can be connected to via Bluetooth, from light bulbs and thermostats to refrigerators and cars. All are at risk of being affected by Blueborne vulnerabilities.

The security flaws, which can be executed silently and without detection on most devices, are believed to be the most widespread set of vulnerabilities by the number of devices affected. As many as 5.3 billion devices are considered at risk of the attacks.

As concerning as such an exploit is, consumers should take comfort in the fact that not only are the flaws fixable but some manufacturers have already taken steps to patch the vulnerabilities and keep users safe.

Apple fixed the vulnerability for its devices with an update to iOS 10, which 89 percent of all iOS device users have updated to. Google is patching the problem for devices running Android 4.4.4 KitKat and later, which covers the vast majority of active Android devices. Windows machines also received a patch in July that protects them from the Bluetooth-based attacks.

While these fixes cover most users, those operating on older devices or out-of-date operating systems—a number that still tallies in the millions worldwide—will remain vulnerable with little recourse to prevent against the attack.