BlueBorne: 5 Billion Bluetooth Devices at Risk as ‘BlueBorne’ Malware Spreads

Researchers at Internet of Things (IoT) security firm Armis Labs have found “BlueBorne” — a new malware that targets devices via Bluetooth and over five billion such devices globally are at risk.
“BlueBorne” allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices, the researchers noted.

“Bluetooth attacks such as a recent set of attack vectors ‘BlueBorne’ depend on the availability of the Bluetooth device as well as close physical proximity”, said Vitaly Kamluk, Senior Antivirus Expert, Kaspersky Lab, in a statement on Thursday. The new vector spreads through the air and is capable of causing eight related zero-day vulnerabilities, four of which are classified as critical.

It poses threat to major mobile, desktop and IoT operating systems that includes Android, iOS, Windows and Linux and the devices using them. “Regardless of the security features on your device, the only way to completely prevent attackers from exploiting your device is to power off your device’s Bluetooth function when you’re not using it. Not putting it into an invisible or undetectable mode,” Kamluk added.

However, the affected vendors have done a good job releasing patches for the BlueBorne vulnerabilities. Microsoft patched the bug in a July release and Apple's iOS isn't affected in iOS 10. The issue is with Android, which is historically slow to patch vulnerabilities, and will have to work with its vendors to have the patch pushed down. Meanwhile, Google is working on releasing a patch but this can take significant time.