On Tuesday, researchers uncovered major Bluetooth vulnerabilities that could threaten billions of devices using the short-range wireless protocol. The vulnerabilities could affect a myriad of smart devices ranging from Android or Apple smartphones to printers, smart TVs and IoT devices.
The IoT security firm Armis has uncovered a bug dubbed the “BlueBorne” attack. The attack vector can jump wirelessly from one Bluetooth device to another nearby, putting an estimated 5.3 billion devices at risk. The exploit could allow cybercriminals to spread malware, gain full access to devices or carry out a “man-in-the-middle” (MITM) attack, in which a cybercriminal intercepts, eavesdrops on or alters communication between two parties who believe they are speaking privately over a secure network.
Even worse, the exploit does not require the attacker’s device to be in “discoverable mode” to pair with the intended target. The Bluetooth process has high privileges on all operating systems; exploiting it provides virtually full control over the device.
Google and Microsoft have begun to make patches available to their customers.
Microsoft July security updates: customers who have Windows Update enabled automatically are protected. The disclosure list for Microsoft’s September patch includes “Bluetooth driver spoofing vulnerability – CVE-2017-8628,” one of the BlueBorne bugs, as part of this month’s security updates.
Apple iOS devices running the most recent version (10.x) are safe. Armis believes that approximately 45% of Android phones are “patchable,” which leaves roughly 1.1 billion active Android devices older than Marshmallow (6.x) at risk.