Connect with us

Hi, what are you looking for?

HEADLINES

BlueBorne makes billions of devices potentially vulnerable to attack

A new Bluetooth exploit, known as BlueBorne, has been discovered to exploit a number of Bluetooth vulnerabilities, making billions of devices potentially vulnerable to attack, warns Fortinet.

While there is no evidence that such attack vectors currently exist in the wild, it is possible that proof-of-concept exploits exist in labs, or could easily be developed and released in the wild.

BlueBorne is a hybrid Trojan-Worm malware that spreads via Bluetooth. Because it includes worm-like properties, any infected system is also a potential carrier, and will actively search for vulnerable hosts. Unfortunately, vulnerable hosts can include any Bluetooth-enabled device, including Android, iOS, Mac OSX, and Windows systems.

The implications of this threat vector are far-reaching because Bluetooth is one of the most widely deployed and used connectivity protocols in the world. Everything from electronic appliances to smartphones uses it, as do a growing number of IoT devices, including smart TVs, smart car gadgets and even home security systems.

“Tackling the BlueBorne exploit is challenging because Bluetooth is not a communications protocol that is monitored and inspected by most network security tools. Therefore, traditional security devices such as intrusion detection systems will most likely not be able to detect BlueBorne attacks,” said David Maciejak, Director of Security Research, Fortinet. “Since this technology has not really been a focus for security researchers, it is highly likely that we will see an increase in attackers looking to exploit Bluetooth implementations in the future.”

Advertisement. Scroll to continue reading.

To protect yourself and your Bluetooth-enabled devices, you need to immediately do three things:

  • Disable Bluetooth on your devices unless it is absolutely needed. If you turn it on, then turn it off as soon as you are done using it.
  • Identify the devices you own or that are attached to your network. Closely monitor those manufacturers for Bluetooth updates.
  • Patch systems as soon as updates become available. Apple iOS was patched in 2016 with an iOS 10 release. Microsoft issued a patch for Windows this July. And Google is reportedly now working on distributing a patch.

The BlueBorne malware works by scanning for Bluetooth-enabled devices and then probing them to see if they have relevant vulnerabilities.

“Once a target is identified, the hack takes less than 10 seconds, and targeted devices don’t even need to accept an incoming connection in order to be compromised,” warned Maciejak. “Once a device has been compromised, attackers are able to run arbitrary commands on the device and even access and potentially steal data. The attack also immediately begins to seek out and spread to other vulnerable Bluetooth-enabled targets.”

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

FortiAI has now expanded to encompass Fortinet’s entire AI-driven approach across security and network operations, protecting environments, and securing AI models and LLMs.

HEADLINES

The campaigns show attackers are capitalizing on people’s increasing familiarity with completing multiple authentication steps online – a trend HP calls ‘click tolerance’. 

White Papers

IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on...

HEADLINES

Kaspersky participated in 95 independent tests and reviews, with its products being awarded first place 91 times and 92 TOP3 finishes, achieving the highest results among...

HEADLINES

‘Wangiri’ originated in Japan in the early 2000’s. The term describes the modus. ‘Wan’ is a play on the word ‘one’ while ‘giri’ means...

HEADLINES

Smart and its value brand TNT do not send text messages with clickable links. If you receive one—even if it looks like it’s from...

White Papers

n the Philippines, industry players are taking a more proactive approach to building a security framework for digital resilience.

HEADLINES

This marks the company’s first participation in the region’s premier tech event, where it will showcase its groundbreaking cybersecurity solutions to industry leaders, innovators,...

Advertisement