Electronic devices are generally vulnerable to security attacks. The devices are safe only until the day a hacker somewhere discovers a vulnerability in the device.
The security firm Armis has detected a new security attack, which is dubbed as BlueBorne. Announced last week, the BlueBorne vulnerability affects devices using Bluetooth. It is a Bluetooth based attack that exposes almost all Bluetooth connected devices.
Without any further ado, let’s understand what exactly is BlueBorne and why are OEMs sending BlueBorne security patch for Android devices.
What is BlueBorne?
BlueBorne, in simple words, is an attack vector that attacks devices via Bluetooth. Any Android device with Bluetooth enabled is vulnerable to this attack. Now you may be wondering what an attack vector is.
An attack vector can be defined as a path or a technique by means of which a hacker or an unauthorized person can gain access to a device or a network in order to carry out their mischievous work. In the case of BlueBorne attack, the attacker uses Bluetooth devices or Bluetooth path to attack various devices in its path and then takes full control of target devices.
Check out: Cool hidden features of your Android device
The “BlueBorne” vector is named as such because it attacks devices via Bluetooth (Blue) and spreads through the air (airborne). The BlueBorne attack is extremely dangerous as it is carried over Bluetooth that is present in most of the gadgets today, which means it can affect ordinary things like computers, mobile phones (Android, iOS, Windows) etc. And the worst part, the attacker can gain access to your device via Bluetooth without even pairing to the device. All the attacker needs is that the Bluetooth should be turned on – it doesn’t even require to be set to discoverable mode.
Further, it can spread on its own from device to device. Suppose BlueBorne attacks your device and if there is a nearby device with Bluetooth on, the BlueBorne vector will automatically attack that device and so on.
How the BlueBorne Attack Vector works
The BlueBorne attack vector has following stages:
- The attacker first locates active Bluetooth connections around them. By active connection we mean, Bluetooth should be turned on, that’s it. No pairing required, no discoverable mode, nothing. The only requirement is Bluetooth should be on. Further, it can be any Bluetooth connection – Windows PC, Android Phone, iOS – anything that has Bluetooth.
- When the attacker locates a target device, he/she obtains the device’s MAC address, which is a unique identifier of that specific device for network connections. The attacker then determines the operating system of the target and targets his exploit accordingly.
- Next, the attacker will exploit the vulnerability in the Bluetooth implementation on that operating system and hence, gains access to target’s device. Similarly, the process continues for other target devices in its path.
It’s important to mention here that the flaws aren’t in the Bluetooth standard itself, but in its implementation in different types of software such as Windows, Android, Linux, iOS etc.
Which devices are affected by BlueBorne vector
Long story short, the BlueBorne vector can potentially attack all devices with Bluetooth. But, yes, of course, the Bluetooth should be turned on, that’s the only requirement. Bluetooth is a short-range communication protocol present in all major operating systems (Windows, Linux, iOS, Android). It is also present in some TVs, watches, cars and even medical apparatus.
On Android devices, you can check if your device is vulnerable to BlueBorne by installing this app.
Why is it dangerous?
Here are the reasons why BlueBorne is extremely dangerous:
- The BlueBorne attack vector requires an active Bluetooth connection only. There is no need for active “pairing” or “discoverable mode”.
- The BlueBorne attack vector requires no user interaction. The hacker can completely take over your device without you tapping any link or taking any action whatsoever.
- The BlueBorne attack is not limited to a particular operating system or a device. It can attack any device with Bluetooth capability. The vulnerable devices are estimated to be more than 5 billion devices.
- It is invisible and can spread from device to device through the air. Unlike other attacks that usually spread through the internet, BlueBorne spreads through the air. Since the attack spreads through the air, it is much more contagious and spreads through minimum effort.
- The traditional security methods do not protect from airborne threats and as such, BlueBorne remains undetected.
- Bluetooth is one such component that usually has access to all components of the operating system. Meaning, if a hacker exploits it, they can take full control over the device.
How to secure your Android device from BlueBorne attack
Major OEMs have already sprung into action and are releasing a new security patch update that will secure your device from BlueBorne vulnerability. Most of the OEMs will send the patch along with September security patch for all Android devices going forward with a fix for BlueBorne vulnerability.
Below is a list of Android devices that have thus far received a patch BlurBorne vulnerability:
- Pixel XL
- Pixel C
- Nexus 5X
- Nexus 6P
- Nexus 6
- Nexus 9
- Galaxy Note 8: T-Mobile, Sprint and Verizon
- OnePlus 3, OnePlus 3T
- Samsung Galaxy Note 4 (Verizon, Sprint)
- Samsung Galaxy Express Prime
- LG V30 (Verizon)
- LG V10 (AT&T)
- LG G5 (AT&T)
- LG G4 (Sprint)
- LG Stylo 3 (Sprint)
- HTC 10 (Unlocked)
- Samsung Galaxy J3 (Verizon)
- Kyocera Cadence, DuraXV LTE
In the meantime, until your device gets the BlueBorne patch, you should keep your Bluetooth off when you don’t need it. That’s the best you can do at the moment. Moreover, this goes as general advice also; you should keep Bluetooth off when you don’t use it since it saves battery too.