A new attack targeting devices such as phones, laptops, desktops, and IoT (Internet of Things) devices with Bluetooth could allow someone nearby to take control of your device without you noticing.
Armis Labs, an IoT security research firm, recently released information about BlueBorne which is impacts Android, iOS, Windows, and Linux operating systems with Bluetooth active. Simply having Bluetooth on could allow the attack to occur, and no input is needed from the owner of the device.
How does it work?
You don’t need to click on a link or accidentally download an infected file. Instead, if Bluetooth is turned on, a hacker could take over your device by pretending to be a Bluetooth device. Using a weakness in the Bluetooth protocol, they could infect your device with malware or even access your camera, photos, etc.
This hack is particularly tricky because Bluetooth devices usually connect without requiring any action on your part—so it could happen with you even knowing. Adding to the doom and gloom, your phone doesn’t have to be paired with a malicious device nor set on “discoverable” to get infected. Just having your Bluetooth on poses a risk.
Check out this quick demo of a BlueBorne demo hack:
What devices are impacted?
Armis said it best so, you can check out the impacted devices here.
What should I do to protect my devices?
Check for updates. Information has been sent to the appropriate parties, so updates not currently available should be coming out over the next month or two.
- Microsoft released an update for Windows on September 12.
- Google has pushed some updates for their ‘experience’ phones (e.g. Nexus, Pixel) and notified manufacturing partners that manage their own software updates.
- Apple devices with iOS 9.3.5 and lower and AppleTV devices with version 7.2.2 should be updated to the latest OS version or replaced with a new device that supports iOS 10 or higher.
- Linux – The open source community that maintains Linux is working on a fix, but many IoT devices that use Bluetooth will require manufacturers to release updates.
Would you like to know more?