By now, you may have heard a little about the BlueBorne Bluetooth vulnerability that billions of devices are exposed to. Even if you haven’t actually paired with another device, many of us leave Bluetooth active on our phones, which leaves them vulnerable to BlueBorne because it doesn’t even need to pair with the handset to take control of it. Scary, right? An IoT security company called Armis Labs first discovered ‘BlueBorne’, and has also published an app that you can download to check if your handset is vulnerable to this latest attack.
BlueBorne doesn’t discriminate, the flaw is present in Android, Windows, Linux, and iOS, although version 10 of Apple’s mobile OS would appear to be unaffected. Armis Labs discovered 8 vulnerabilities, listing 4 of them as critical. Two of these are of the remote code execution variety that allows a handset to be completely controlled without the users’ knowledge. It doesn’t matter if your device is connected to the internet, if your handset has Bluetooth enabled, it’s ripe to be taken over. Once it has taken control, it’s free to install malware, pilfer your sensitive data, launch apps, you name it. As you can see demonstrated in the video embedded below where a Google Pixel is taken over without the user noticing.
Take a deep breath. As you would hope, Google is working on fixes the vulnerabilities, with a bunch of patches being posted in AOSP. The September Security Patch will contain all the necessary fixes to ward off the ‘BlueBorne’ attack. On the downside, for those of us not using a Google handset, it isn’t quite so clear-cut. Some brands aren’t very good at keeping their devices up to date with the latest security patches. Take my Huawei Mate 9 as a case in point, it’s still running on June’s security patch. The sad thing is that Samsung and others are just as bad, and many are worse. At the very least, it’s probably worth taking a few seconds to check if there is an update available, and if there isn’t, and your smartphone is less than two years old, call the brands support line and make your voice heard.
You don’t have to sit and wonder if your handset is one of the billions of devices vulnerable to the BlueBorne attack, Armis Labs has published an app you can download from the Play Store that will check if your handset is one of those that is vulnerable to attack. Let’s face it unless your phone has the September patch, there is a very good likelihood that it will be susceptible. Still, you can download the app from here. The app can also scan any devices within range of your handset to see if they are also in danger from BlueBorne. And don’t forget, if your phone is running the September Security Patch, you have nothing to worry about.
Download it here: BlueBorne Vulnerability Scanner (Play Store)
Source: Armis Labs