Q: How safe is the Bluetooth connection which we all use and can someone compromise my Bluetooth-enabled device using Bluetooth connection and what do I need to do about the new Bluetooth security issue “ BlueBorne ”?
A: Bluetooth connections are safe if all necessary precautions are taken before getting connected. In a recent security research published by Internet of Things ( IoT ) security company, Armis Labs, revealed a new way that many Bluetooth-enabled devices can be compromised and exploited dubbed “BlueBorne.” The potential threat exists for Android, iOS, Windows and Linux devices as well as many common household gadgets often referred to as IoT (Internet of Things) devices which could be toasters, refrigerators, ovens and coffee-makers!
The name “BlueBorne” was used to reflect the attack method, which is through the air( airborne and as the attack vector was using Bluetooth , the name became BlueBorne ), targeting the very common Bluetooth connection. What makes this particular attack so disconcerting is that it doesn’t require the you to do anything in order to become a victim; if your Bluetooth option on your device was turned on, then you could have been a potential target.
The exploit simply ‘bullies’ or forces its way into connecting without the usual pairing process that we’re all used to performing when connecting via Bluetooth. Once a remote attacker gains access via the BlueBorne vulnerability, they can do just about anything they want to the device without the user ever seeing anything happening.
The biggest risk is to users with older mobile devices running older operating systems. iPhone and iPad users that are running iOS 9.3.5 or lower are vulnerable (Apple fixed the vulnerability with iOS 10 and higher). Android users have a more complicated path to figure out whether they are vulnerable because there are so many variations of the OS that can be impacted by both the phone maker and your wireless carrier.
To make things easier, Armis has created a free app called “Armis BlueBorne Scanner” which is available in the Google Play store. Once the app is installed, you simply click on the “Tap To Check” button to scan your device for the vulnerability. If your device is deemed safe, the app will provide an option to “Check Devices Around Me,” which when tapped will scan your immediate environment for potentially vulnerable devices (which could include your neighbors devices if you are close enough).
There are some steps to protect yourself from this attack. As this is majorly an issue of older operating systems, so making sure you have the most recent updates on all your devices will be all the protection you need. A quick way to check for available updates on most mobile devices is by going to the “Settings” menu and either look for a software update or check the “General” or “About Device” menu for the update option. If for any reason you can’t get an update for your device to fix this problem, turning off the Bluetooth option, especially when you’re in a public setting would be advisable until you do get it updated.
The good news on this threat is that it requires the attacker to be relatively close (less than 30 feet) and we are yet to see this attack being used “in the wild.” Because this attack is so stealthy, it’s not out of the realm of possibility that—since it’s now a known attack method—it will start being used without victims knowing that it’s happening. Make sure you have the most current update on all your Bluetooth enabled devices to best protect yourself. Eventhough the initial attack targets could have been Amazon Echo and Google Home, both companies have already provided updates to address this threat.
IoT (Internet of Things) devices are no longer a negligible threat. They are becoming a cornerstone in every corporate environment and network. These personal assistants are increasingly popular with businesses. The Wynn Hotel in Las Vegas announced it will install an Amazon Echo in every room on the premises. The Best Western and Marriott hotels are considering doing the same thing, which will provide productivity and potential risks to consumers and business travelers. This trend which will only increase in coming years. IoT devices are not only more prevalent today, but also subject to more attack vectors, with virtually no protection. The airborne attack vector is posing a severe threat to all IoT devices, and is completely overlooked by traditional security measures. Aside of BlueBorne, new Wi-Fi vulnerabilities were found in Broadcom’s chips (Broadpwn), as well as in the WPA2 protocol itself with the most recent Krack Attack. Users and businesses should treat IoT devices like any other device in their network, and implement proper protections.
– Sangameswaran Manikkayam Iyer Venkiteswaran (Cyber Guru) – A Solution for all your cyber security issues
