Yesterday reported by Verge that Armis Security company has found a new loophole in Bluetooth technology which can be exploited to initiate a remote attack on millions of devices, the Bluetooth vulnerability dubbed Blueborne. The hack masquerades a Bluetooth device and exploits weaknesses in the protocol to inject malicious code, which has a reminiscent of Broadcom Wi-Fi attack found earlier this year. Some of the Wi-Fi hacks were also reported earlier in which CIA was involved, Virgin Media UK also faced the threats after they asked customers to change their passwords.
The Bluetooth attack is almost similar to WiFi and Router attacks, Bluetooth devices inherently have higher levels of privileges in most of the operating systems, therefore, the attack is lethal and can be executed without any input from the user. The only thing needed is the Bluetooth device has to be turned on, the Blueborne attack doesn’t require paired with a malicious device or even set to discoverable mode.
iPhone running on iOS 10 are prone to this attack, Microsoft released a patch to fix the bug in July but the Android devices are the most vulnerable in this regard. Google said it has sent a fix to device-manufacturers, now the phones are dependent on manufacturers to install the patch.
Google also sent patches directly to pixel devices, prior to that, Armis was able to demonstrate an attack on pixel device running malicious software remotely without the permission of the user.
However, there are many limits to attacks, the exploits can vary from system to system, there is no single virus that can target the vulnerable device at scale, Bluetooth itself creates limits, the attack can only target the devices in range and with Bluetooth turned on.
The Linux and Android devices are still vulnerable despite the limited attack; Bluetooth has lots of known vulnerabilities in it which can be used to target specific devices.
To get yourself always protected turn off your Bluetooth soon after using it, but using Bluetooth makes it even more vulnerable so the simple solution to protect your device is not to use Bluetooth at all. Bluetooth speakers, headphones and other devices are getting more popular these days leaving Bluetooth bugs more powerful for hackers.