Billions of Bluetooth Devices at Risk of Malware Infection

John Lister's picture

The majority of Bluetooth devices could be vulnerable to a malware attack. The attack, dubbed BlueBorne, can reportedly spread to devices without needing any action from the victim.

The attack takes advantage of a bug in the Bluetooth technology itself rather than a specific operating system. At one point this summer an estimated 5.3 billion devices were at risk, running Windows, Android or Linux, as well as Apple devices running systems before the current iOS 10.

Fixing the problem will require patches for specific devices and operating systems. Microsoft has patched the issue already, though didn't reveal doing so at the time. Google has issued an Android patch, but when it reaches individual handsets will depend on both the manufacturer and the cellphone service provider.

32 Feet Radius For Attack

Normally malware can only spread if the victim visits a compromised website or opens a file attachment. In this case, all that's required is that an attacker is within 32 feet of the victim's device for 10 seconds, and that the victim's device has Bluetooth switched on. The malware can spread even if the device is already connected to something via Bluetooth. Even more worrying is that it doesn't require the attacker to pair their device with the victim's - something that would normally require a security code for a Bluetooth connection to work properly. (Source: armis.com)

Exactly how the attack works varies from system to system. With Windows, the malware was able to intercept and modify network data going to or from a computer. Android devices face the same risk.

Meanwhile, with both Android and Linux, the malware could access the device's memory and force it to run code that could damage the device, use it as part of an online attack, or access or delete data stored on the device, including financial information.

Rival Systems Could Slow Spread Of Malware

The good news is that the way the bug works means attackers would have to use code for specific operating systems, including different variants of Android. That could make it trickier to attack a victims as well as making it harder for the malware infection to spread rapidly.

As usual in such cases, the key for users is to make sure they get security patches downloaded and installed as quickly as possible. In the meantime, the only surefire way to avoid the problem is switch off Bluetooth altogether, though a more practical compromise might be to keep Bluetooth off when not actively using it. (Source: theverge.com)

What's Your Opinion?

Do you use Bluetooth and if so, do you keep it switched on all the time? Do you know how quickly your devices receive new security updates and are you happy with that timescale? Had you already heard anything about this problem from your device manufacturer?

Rate this article: 
Average: 4.8 (9 votes)

Comments

mesamike's picture

How would this affect fitness trackers such as the Garmin Vivofit as it uses bluetooth to connect to pc to download tracking info? Does the tracker itself need to be updated or just the software running on the computer?