Headlines:

The "BlueBorne" exploit could affect more than 8 billion devices

A new vulnerability in computers and mobile devices that leaves them susceptible to attack via Bluetooth was discovered by Armis Labs security. "BlueBorne" doesn't require user permission to connect over the air and access networks or install malware.

BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks. Spreading from device to device through the air also makes BlueBorne highly infectious. A number of over 8.2 billion devices worldwide was estimated at vulnerable..Apple's iOS beyond version 9.3.5 are particularly vulnerable but that exploit was ironed out in iOS 10

Bluetooth
Bluetooth

That is why Microsoft released now an update to all Windows versions that closes the vulnerability. For its part, Google released protective patches for Nougat (7.0) and Marshmallow (6.0) as part of its September security update. Unfortunately, Armis informed Linux device operators of the vulnerability very late, last month. So at this time anything running BlueZ are vulnerable to one of the vectors, while those with Linux version 3.3-rc1 can be attacked by another. Samsung's Gear S3 smartwatch, its smart TVs and family hub are included. The good part however: in all situations, BlueBorne is bound by the signal frequency's short range, and only affects devices with Bluetooth turned on. Armis has also disclosed eight related zero-day vulnerabilities, four of which are classified as critical.

Comments