This month the security firm Armis released a report explaining a new threat to personal and network devices called BlueBorne. BlueBorne is an airborne attack which circumvents the need for an internet connection by accessing devices through Bluetooth.
Here’s How It Works
BlueBorne scans for devices with Bluetooth enabled and, once it finds them, can gain access in about 10 seconds. Once compromised, the device expands the reach of the attack, boosting the signal for the hacker and eliminating the need for the attack source to be within Bluetooth range of potential targets.
By targeting the weakest spot in a network’s defense, BlueBorne increases its potential to be highly infectious. What makes this Bluetooth security vulnerability so dangerous is that airborne hacking with Bluetooth bypasses cybersecurity measures like endpoint protection, mobile data management, firewalls and network security solutions which aren’t designed to monitor Bluetooth.
Additionally, Bluetooth is granted high privileges on all operating systems, so exploiting it gives a hacker virtually full control over a device. Since this means of hacking is currently ahead of most protective cybersecurity measures, experts suggest disabling Bluetooth when you’re not using it and limiting the amount of time you do use it.
How to Protect Your Devices
Apple patched this risk on iOS devices in 2016 (be sure to update to iOS 10 if you haven’t) and Microsoft patched the bugs in Windows this July. Google is currently distributing a patch of its own, though it may take a while to roll out.
The real threat, however, comes via the IoT. Many affected devices — including smart TVs, speakers, lightbulbs, refrigerators and even medical appliances — are built on Linux and lack an automatic system to distribute updates.
What makes the BlueBorne Bluetooth security vulnerability new and dangerous is that it differs in approach from what we typically associate with computer or device hacking. In fact, this attack method vastly increases risks to personal and professional entities. In order to be affected, you don’t have to click a phishing link or download a virus — you can be exploited without even knowing it. Furthermore, the exploit moves quickly to all connected devices, allowing a hacker to access secure internal networks that are “air gapped” for security purposes. This is not good for industrial systems, government agencies or critical infrastructure.
The best method to protect yourself and your business is to reduce your use of Bluetooth and make sure all your data is backed up. If you’re concerned about which devices could expose your business to this threat, consider reaching out to an IT security company for an audit of your system, and make sure you have an IT disaster plan in place to recover should things go awry.
As the world becomes increasingly connected through Bluetooth and smart devices, it’s vital to remember these luxuries are not without risk. Now more than ever, it’s important to keep your devices up-to-date and be aware of which functions or privileges you’re allowing.
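For Linux-based devices, the advice to keep Bluetooth off when it is not needed can be checked automatically. The following is an added example, not part of the original article or the Armis report: it reads the kernel’s rfkill entries in sysfs and reports Bluetooth radios that are not blocked. The function names `bt_unblocked_radios` and `bt_audit` are hypothetical.

```shell
#!/bin/sh
# Added example: find Bluetooth radios that are present and not blocked.
# Reads the Linux rfkill sysfs attributes (type, name, soft, hard).
# The root directory is a parameter so the check can be pointed at a
# constructed tree for testing; the default is the real sysfs path.

# Print the name of every Bluetooth radio that is neither soft- nor
# hard-blocked, one per line.
bt_unblocked_radios() {
    root="${1:-/sys/class/rfkill}"
    [ -d "$root" ] || return 0           # no rfkill support: nothing to report
    for dev in "$root"/rfkill*; do
        [ -r "$dev/type" ] || continue   # glob did not match or entry unreadable
        [ "$(cat "$dev/type")" = "bluetooth" ] || continue
        # A missing attribute is treated as "not blocked" so the radio
        # is reported rather than silently skipped.
        soft=$(cat "$dev/soft" 2>/dev/null || echo 0)
        hard=$(cat "$dev/hard" 2>/dev/null || echo 0)
        # soft=1: disabled in software; hard=1: disabled by a hardware switch
        if [ "$soft" = "0" ] && [ "$hard" = "0" ]; then
            cat "$dev/name" 2>/dev/null || echo unknown
        fi
    done
    return 0
}

# Return 1 when at least one Bluetooth radio is live, 0 otherwise, so the
# result can gate a scheduled compliance check or an alert.
bt_audit() {
    live=$(bt_unblocked_radios "$1")
    if [ -n "$live" ]; then
        echo "Bluetooth radio(s) enabled: $(echo "$live" | tr '\n' ' ')"
        return 1
    fi
    echo "No enabled Bluetooth radio found"
    return 0
}
```

Call `bt_audit` from a scheduled job or configuration-management check and alert on a non-zero status. On hosts that do not need Bluetooth, `rfkill block bluetooth` turns the radio off.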