A newly-discovered Bluetooth vulnerability has well over 5 billion devices at risk – and your device could be one of them.
Bluetooth is one of the most popular communication technologies used today. The technology and its geometric logo (derived from Nordic runes) is an ubiquitous part of most computers and smartphones. Simply put, Bluetooth technology enables wireless connectivity between devices: This could be between the smartphones of you and a friend, hands-free phone connections in the car, and those nifty wireless speakers and headsets.
But there are problems in Bluetoothland. A vulnerability in Bluetooth’s implementation was discovered to have opened up a huge channel for cybercriminals to infect devices, create botnets, and do man-in-the-middle attacks. This vulnerability is an equal-opportunity threat, hitting Android, Apple’s iOS, Linux, and Windows.
The nightmare scenario as described by the Aris security firm – the ones that uncovered the vulnerability – is that of a package delivery man going to the bank. He walks into a normally secure area, and silently begins infecting those within range – it could be 10 meters, it could be more. The victims don’t need to click or do anything – they only just need to have the Bluetooth function on their devices turned on.
This risk was serious enough to have developers quietly working on eight separate patches for a few months. The good news is that the patches are now here. Microsoft released its patch back in July, so your PC should be secure. Android, Apple’s iOS, and the Linux kernel also were patched according to the US Computer Emergency Readiness Team. The big question is over Android devices and the complicated schedule for vendors to push out updates. Aris estimates that 40% of devices will actually never get this update.
For the end user, BlueBorne – as the researchers at Aris have dubbed this attack vector – has two simple lessons.
- Stay updated. When your device says updates are ready for you – do it. And while these updates to the operating system are usually automatic, having a software updater to keep your device and apps in condition is a good idea.
- Turn it off. Don’t run around with the Bluetooth feature turned on. Keep it off until needed.