There is a new Blueborne attack that has been found in millions of Android and iOS devices. This new attack exploits a Bluetooth vulnerability, which could lead to remote attacks. Armis Security just released information about the new Blueborne attacks, warning people about how malicious code could be deployed. If you have an iOS or Android device, read on to learn about the new Bluetooth vulnerability and how you could potentially be impacted by this issue.
Blueborne Attacks Using Bluetooth Vulnerability on Smartphones
The new Blueborne attack is found within a Bluetooth vulnerability, which is potentially impacting millions of Android and iOS devices. The new Blueborne attack is possible because it will pretend to be a Bluetooth device. From there, weaknesses are exploited from within the protocol.
Once that happens, malicious code is deployed. It is very similar in terms of the attack to how the Broadcom Wi-Fi attack worked. The biggest issue is that the Bluetooth devices often times use higher privileges, which then leads to these attacks happening without the user having any input.
You do not have to set your device in the discoverable mode either. Even worse, you do not even have to pair with the malicious device for the Blueborne attack to happen. The good news though, is that as long as you are running iOS 10 or higher, you will not be impacted by this Blueborne attack. Microsoft even put out a patch for this issue back in July, so Windows is also protected as of now. The only system that is really at risk for the Blueborne attacks is Android. The reason why Android is still very vulnerable to this particular attack is that a lot of partners have not deployed the patches necessary to fix the problem.
Android Most Vulnerable to Blueborne Attacks
Due to the issues with getting partners to issue the necessary patches, the Android devices are the ones most vulnerable to the Blueborne attack. Google even sent out a statement saying that over a month ago, it released the patches to the device manufacturers. The manufacturers are the ones that need to release the patch to fix the issue, and most manufacturers have yet to release those patches to the impacted devices.
Google did directly send out a patch to the Pixel devices, which means that Pixel should not be impacted by the Blueborne vulnerability. This patch was released for every Pixel device running Android KitKat and above. The only people using a Pixel that could be affected are those running under Android KitKat, which should be a very small minority at this point in time.
Armis Security also pointed out that it could deploy the Blueborne attack on Pixel, but that was before the patch was applied to the device. Armis Security was able to run the software remotely without the user permission, which is definitely a bad sign. This was on the unpatched Pixel device though, and it does not seem that it can be recreated on a device with the patch installed. The Blueborne attack itself has a number of limitations to it.
Blueborne Attack Limited to Certain Devices
When it comes to the Blueborne attacks, the specific vulnerability in this case does vary depending on the system. That means from Android to iOS and Linux, the exploit will be different and it will work in different ways. This means that not all vulnerable devices will have the same exact virus.
That also makes trying to patch or prevent the vulnerability that much more difficult. The Bluetooth feature itself also works to limit how the Blueborne attack works even more. The devices can only be targeted if they are in the hackers range. Another limitation is that the Bluetooth itself has to be on in order for the device to potentially be impacted by Blueborne.
The best way to protect yourself from the Blueborne attack is to keep the feature off and try not to connect to it. You should only connect when you are in a safe and secure place, which means do not connect to Bluetooth if possible when you are out in public. Blueborne attacks could be more popular in the coming months and years as cheaper Bluetooth devices are manufactured. You also can protect yourself by downloading and installing all patches as they are released for your device. With Android, that might be easier said than done though since a lot of that depends on the manufacturers.