Billions of devices impacted by new Bluetooth attack

By Shawn Knight ยท 11 replies
Sep 12, 2017
Post New Reply
  1. Researchers at Armis Labs on Tuesday detailed a new attack vector which they claim can potentially affect all devices with Bluetooth capabilities.

    Armis, a firm that focuses on Internet of Things security, is calling it BlueBorne.

    The attack vector reportedly allows an attacker to take complete control of a device, access corporate data and networks, infiltrate “secure” air-gapped networks, create large botnets out of IoT devices and more. It’s also highly infectious and can spread malware to nearby devices.

    Armis says it affects computers running Windows and Linux as well as IoT gadgets and mobile devices powered by Android and iOS.

    Bluetooth is one of the most popular wireless communications standards on the block. The technology has found a serious following in recent years with the advent of mobile devices.

    In total, nearly 5.3 billion devices are vulnerable.

    Perhaps what’s most alarming about BlueBorne is the fact that a target device doesn’t need to visit a specific website, download an infected file or even pair with another device to become a victim. So long as Bluetooth is enabled, a hacker can gain access and wreak havoc. Worse yet, all of this can be done without a user’s knowledge.

    Armis also disclosed eight related zero-day vulnerabilities, four of which are considered to be critical in nature.

    A list of affected devices can be found on Armis’ website.

    The company said it has already reached out to major companies including Google, Microsoft, Apple, Samsung and Linux to ensure a coordinated response.

    Permalink to story.

  2. davislane1

    davislane1 TS Grand Inquisitor Posts: 5,051   +4,084

    If your car suddenly tries to veer off the road or into oncoming traffic, make sure to wrap the center console in tinfoil as fast as possible to save your life. It's the only way to prevent Bluetooth murder.
    That Other Guy likes this.
  3. namesrejected

    namesrejected TS Guru Posts: 398   +301

    Aww! Tell us how to use it!
  4. Adhmuz

    Adhmuz TechSpot Paladin Posts: 1,854   +652

    So simple solution just turn off Bluetooth on all your devices until it's patched? Easy, I don't use that **** anyways.
  5. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,278

    Better still is to sell your fancy ride and buy a 90's/80's or earlier model car instead. That will be a 100% guaranteed hackproof solution.
    JamesSWD likes this.
  6. GreenNova343

    GreenNova343 TS Maniac Posts: 263   +161

    Guess that leaves all of those people with the newer smartphones that lack a physical headphone jack completely out of luck. Glad I stuck with my iPhone 6...
  7. maxxcool

    maxxcool TS Rookie

    .. click bait ..

    Windows is already patched
    Macos is already patched
    Nexus devices are already patched
    all devices shipping with 7.1.xx android all already patched
    all IOs devices are already patched

    the only people at risk are those with pre-7x android and *****s using hacked OS's they CANT update beauce they are illegal copies.
  8. tonylukac

    tonylukac TS Evangelist Posts: 1,372   +70

    The first day I got my new subaru last year the radio got infected by a virus from my phone. I believe the chickfilet app on the phone did this. The radio console would reboot and the virus was gone, then get reinfected from the phone each time. The music wouldn't stop, so it didn't get deep into the car. Removed the app from the phone and just don't use bluetooth in the car. By the way, the firmware source code is available and I may modify it sometime, but I won't give you a ride after that. The automatic trans, which subaru is new at, has some idiosyncracies in its firmware like slow acceleration until a 5 minute warm up passes, so this is enticing to remove. Wild programmers were let loose on it to do their "genius."
  9. Theinsanegamer

    Theinsanegamer TS Evangelist Posts: 1,079   +1,100

    Annnnd what about all the things those phones CONNECT to? What about all the IoT devices, or cars with bluetooth, or all the android phones that HAVENT got the update yet (most of them)? Android 7 is only 15.8% of the market, and even many of THOSE have yet to be updated (my moto z play has not seen an update, neither has my coworkers samsung S8).

    that is a MASSIVE number of devices, and in the case of the android phones, IoT devices, and cars, will most likely never be patched properly. Ford has sold over 2 million F150s with bluetooth in them since 2011 in the US alone. 2 million vulnerable cars, from one manufacturer, in one single segment, in just ONE country.

    Far from "click bait".
    MannerMauler likes this.
  10. JamesSWD

    JamesSWD TS Addict Posts: 218   +143

    Plus the added benefit of no tracking of your movements, driving habits, and other telemetry reporting being saved and/or sent back to the manufacturer or law enforcement. I really hate today's cars and all their privacy invading tech. Can't even have anonymous sex in the car anymore with any privacy.
    Skidmarksdeluxe and davislane1 like this.
  11. davislane1

    davislane1 TS Grand Inquisitor Posts: 5,051   +4,084

    Honestly, the invention of carriage suspension ended that several centuries ago.

  12. Joe Blow

    Joe Blow TS Addict Posts: 216   +74

    If you want security, go wired. It's that simple.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...