Securities research firm Armis Labs has identified vulnerabilities in the bluetooth wireless technology that put around 8.2 billion devices – mobiles, desktop, laptop, and the internet of things (IoT) – at risk.
The devices were put on risk despite working on different operating systems that includes Apple iOS, Google Android, Microsoft Windows and Linux.
Dubbed as ‘BlueBorne’, the malicious virus spreads from one device to another via Bluetooth and allows hackers to take control of their devices. Unlike other malicious viruses, the BlueBorne does not require the user to click on a link or download something over the internet. It just spreads if your bluethooth is on. The virus does not even require pairing with target device. It can spread even when the Bluetooth is set as undiscovered.
How the BlueBorne vector spreads
What makes this vulnerability even more critical is how quickly it spreads and goes unnoticed by users. The malicious virus targets the weakest spot in the networks’ defence – the bluetooth, which has no security measure. Spreading from device to device also makes BlueBorne highly infectious. Moreover, since the Bluetooth has access to a lot of data, files and information on all operating systems, exploiting it provides virtually full control over the device.
The BlueBorne attack vector surpasses the capabilities of most attack vectors (ransomware, malware or any malicious code) by penetrating secure ‘air-gapped’ networks, which are disconnected from any other network, including the internet.
How to safeguard your device
The best way to keep your device protected from BlueBorne vector is to update your device with the latest security patches deployed from operating system (OS) developers or original equipment makers (OEMs). Most of the OEMs and OS developers have already started releasing patches to address the vulnerabilities associated with BlueBorne vector.
Another way to protect your device is by switching off your Bluetooth. The device security should be set to allow minimum access to Bluetooth-based services. This is no proper solution but can shield the device till you receive the security patch to address the vulnerabilities.