A new exploit has again surfaced and it targets pretty much all Bluetooth-enabled devices. Here’s how you can keep your device safe and protected.
Table of Contents
What is BlueBorne?
BlueBorne is an attack vector that a hacker can use to penetrate a Bluetooth-enabled device.
It is dependent on eight security vulnerabilities that are present in billions of Bluetooth devices. One of the critical security vulnerability present is – CVE-2017-14315.
A skilled hacker can use this exploit to perform a “drive-by” attack on your smartphone, smartwatch, or computer.
Once the hack is complete, the hacker can install malicious software, access photos and other user data, and even remotely control your device.
Since this exploit works only via Bluetooth, the target device must have its Bluetooth enabled at all time for the attack to become successful.
Moreover, the range between the hacker and the target device must be inline with the Bluetooth range (10 meters).
It can also be utilized to jailbreak or gain root access on devices running iOS 7, 8, and 9.
How BlueBorne works
Here’s an in-depth explanation of how an attack takes place –
- Hacker comes in the vicinity of the target device.
- The target device has Bluetooth running.
- Hacker connects to the target device and initiates the attack.
- A malicious app is then installed that compromises target’s security.
The BlueBorne attack is limited to installing a malicious app. The actual breach takes place after that malicious application has been injected into your device.
The hacker can then use it to access all your photos, videos, bank details, and other user data over the internet.
Here’s a live demonstration of the BlueBorne attack vector being used to hack a Google Pixel.
A general-purpose worm that targets all devices on every operating system individually doesn’t exists yet. Thankfully, it will still take some time for hackers to develop it.
As of now, a hacker must tailor his exploits to your specific device and firmware version.
Which devices are vulnerable to BlueBorne?
Here’s the list of all vulnerable firmware versions and devices for all popular operating systems.
iOS
- iPhone, iPad, and iPod touch running iOS 9.3.5 and below
tvOS
- Apple TV running tvOS 7.2.2 and below
Android
- Google Pixel
- Samsung Galaxy
- Samsung Galaxy Tab
- LG Watch Sport
- Others
Windows
- Vista
- 7
- 8
- 10
Linux
- All devices running the BlueZ Bluetooth protocol stack
- All devices running 3.3-rc1 or later versions
How to protect your device from a BlueBorne attack
Unfortunately, the security vulnerabilities are now in public domain and blackhat hackers can access it freely. It’s only a matter of time until someone develops an exploit using BlueBorne and distributes it on hacking forums.
Here’s how you can keep your device protected at all times.
Update your operating system
All notable manufacturers have already fixed this vulnerability or will be releasing updates soon. The best way to stay secure is to install the latest updates on your Android, iOS, Windows device.
iOS 10 firmware update already patches this vulnerability and hence you must upgrade as soon as possible.
If you own an Android device, you can use the following app to detect this vulnerability.
For those of you who own a jailbroken iOS 9 device, can use the following fix or wait for an appropriate Cydia tweak.
Disable Bluetooth
No Bluetooth, no hacking! BlueBorne depends on whether or not your Bluetooth is active. Hence, it will work regardless of your device or operating system.
If you disable it, no hacker can initiate any kind of attack. A lot of users who are on iOS 9.3.5 firmware or below must keep their Bluetooth disabled whenever they are in public places and only enable it when absolutely necessary.
For more security news and updates, subscribe to our social channels.
