If you haven’t heard of the “BlueBorne” attack vector yet, you probably will in the months ahead. It’s perhaps one of the most invasive, pervasive attack vectors in the history of the internet, and that’s really saying something.
A group of security researchers at Armis Labs discovered a total of eight zero-day vulnerabilities in the Bluetooth protocol that would allow a hacker to quietly assume control of any Bluetooth device in range without the user’s input or knowledge.
Worse, the attack could be made to spread like a worm, infecting other Bluetooth devices automatically as they come into range. Literally, all that’s required is that you have Bluetooth enabled, and you’re at risk.
The scope and scale of this threat are staggering. With more than 5.3 billion Bluetooth devices in use right now, and more being added all the time, to say that this is a big problem is a sublime understatement.
Having said that, there are a few bright spots.
First, the big tech companies that support Bluetooth have already begun responding, releasing emergency patches that shore up the security of the protocol and close the loopholes. Second, due to the limitations of Bluetooth technology itself, a hacker would have to be in close physical proximity to you and your device in order to launch the attack. This isn’t something you can do from the other side of the world. You’ve got to get in close in order for it to work.
Even so, given the number of vulnerable devices, and the fact that these are cross-platform vulnerabilities, it’s a worrisome discovery indeed.
The Armis Labs team has created a new app called “BlueBorne Vulnerability Scanner,” available on the Google Play Store. Even if your company is good about installing the latest security patches, you would be well-served to grab a copy of the app and scan your Bluetooth devices to be sure they’re safe.