Security

Critical Bluetooth flaw could put nearly every connected device at risk of cyberattack

The vulnerability, discovered by Armis Labs, is an airborne attack targeting Android, iOS, Windows, and Linux devices. It would allow hackers to take complete control of the device.

A new attack vector called BlueBorne could put billions of connected devices at risk of a cyberattack, according to research from Armis Labs. According to an overview post, BlueBorne puts mobile, desktop, and IoT devices running Android, iOS, Windows, or Linux at risk.

"The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today," the post said.

Using BlueBorne, hackers can attack Bluetooth-connected devices over the air, without the device even being paired to the attacker's device, the post said. Once successfully penetrated, the attacker gains full control over the victim's device.

SEE: How to build a successful career in cybersecurity (free PDF)

So far, Armis Labs has identified eight zero-day vulnerabilities associated with BlueBorne. However, as noted in the post, the firm believes there could be "many more" vulnerabilities waiting to be discovered. BlueBorne can conduct remote code execution and Man-in-The-Middle attacks, for example, the post said.

Because BlueBorne is airborne, and can spread from device to device, it is considered "highly infectious" by the researchers. It's airborne nature also means that it is often targeting the weakest spot in the defense strategy for most modern networks, the post said.

The method through which BlueBorne spreads allows it to infect air-gapped networks as well, which was a major concern for the researchers. Additionally, it takes minimal effort on behalf of the attacker, requires no victim interaction, and can remain undetected in many systems, the post said.

"Unfortunately, this set of capabilities is extremely desireable to a hacker," the post said. "BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices like the Mirai Botnet or mobile devices as with the recent WireX Botnet."

Armis Labs researchers contacted Google, Apple, Microsoft, Samsung, and the Linux security team to discuss the vulnerability. According to the firm, many of these companies have already released patches for the flaw.

For more information on BlueBorne, including a technical overview, check out Armis Labs' post or its technical white paper.

The 3 big takeaways for TechRepublic readers

  1. A new attack vector called BlueBorne, discovered by Armis Labs, could put almost every Bluetooth-connected device at risk of being hacked.
  2. BlueBorne attacks occur over the air, can affect air-gapped networks, and give the attackers full control over the victim's device.
  3. Many companies have released security patches that cover BlueBorne, and users should make sure they have updated their devices to implement the patches.

Also see

btsec.jpg
Image: iStockphoto/evryka23

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox