There’s a Bluetooth security risk that you should know about. Security experts are advising that unless you absolutely need it, you should turn off Bluetooth. In this blog post I will give a high-level explanation of the latest Bluetooth vulnerability, dubbed BlueBorne, explain why you should care, and offer a few tips to stay safe.
So why are security experts telling people to turn off Bluetooth on their devices? Because of BlueBorne, “a new attack vector (that) exposes almost every connected device,” according to Armis, the security firm that recently revealed the risk.
Mobile, desktop and Internet of Things operating systems are all at risk of a BlueBorne attack, including Android, iOS, Windows and Linux and the devices using them.
“The new vector is dubbed ‘BlueBorne,’ as it spreads through the air (airborne) and attacks devices via Bluetooth. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure ‘air-gapped’ networks, and spread malware laterally to adjacent devices,” according to Armis.
“Just by having Bluetooth on, we can get malicious code on your device,” Nadir Izrael, CTO and co-founder of security firm Armis, told Ars Technica for this story. “BlueBorne abuses the fact that when Bluetooth is on, all of these devices are always listening for connections.”
The Department of Homeland Security’s Office of Cybersecurity and Communications released a vulnerability note in mid-September about the issue, saying the vulnerabilities in “worst case allow an unauthenticated attacker to perform commands on the device.”
As this Wired.com story points out, enabling Bluetooth on your device leaves it open and waiting for connections. The hack itself is quick — 10 seconds — and “can even work if the Bluetooth on the victim device is already paired to something else. BlueBorne bugs can allow attackers to take control of victim devices and access — even potentially steal — their data. The BlueBorne attack can also spread from device to device once in motion if other vulnerable Bluetooth-enabled targets are nearby.”
Indeed, attackers need to be in range of the device (32 feet or so) to attack. And while there has been some Bluetooth security patching already, “there are still likely plenty of vulnerable devices in any populated area or building,” according to the Wired.com story.
The bottom line? Look to see if a patch has been released for your device and apply it. Otherwise, consider disabling Bluetooth.