A security firm has just discovered a new vulnerability which can leave devices exposed and easy to attack from a distance. The attack is known as Blueborne, and it disguises as a Bluetooth device. Once connected to the device, it takes advantage of protocol weaknesses, and starts performing malicious code.
The most serious Bluetooth exploit ever encountered
This is serious, since Bluetooth has priority in most devices, and might work even if the user doesn’t do much. For Blueborne to work, devices don’t even need to be paired with the source of the attack. Once they have their Bluetooth activated, they are automatically at risk, and this applies even if they are not on the discoverable mode.
Armis, the security firm which identified the vulnerability, said this is the most serious Bluetooth attack it has ever seen.
“These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device.”
The virus has its own limitations
Fortunately, iPhones which are already running iOS 10 are safe. Also, Microsoft released a patch to fix the problem in July. However, Android devices remain at risk. Google claims to have sent a patch to all manufacturers, but it depends on them when they will actually reach the phones.
However, the attack might not work universally under the same form, as it has its own vulnerabilities. The way in which the exploit works varies from one operating system to the other, and it would be difficult to write a virus for each device.
Also, since it works via Bluetooth, it comes with the limitations associated with it. Hackers can reach devices which are only placed within its range, and only those who have their Bluetooth turned on. Even so, this vulnerability is one of the surest way to reach a specific target, be it Blueborne or a more general similar exploit.
Image Source: Wikimedia Commons