Bluetooth Security Flaws Puts Billions at Risk
A set of vulnerabilities present in "almost every" device with Bluetooth capabilities has been revealed by researchers at security firm Armis.
A set of vulnerabilities present in "almost every" device with Bluetooth capabilities has been revealed by researchers at security firm Armis, according to ZDNet.
Armis found that eight separate flaws, known collectively as "BlueBorne," affect devices with the Bluetooth short-range wireless protocol. The most serious flaws allow a hacker to gain control of an affected device and its data. The flaws also leave network computers vulnerable, meaning sensitive business data could be at risk as well.
The researchers explained that the malware exploiting the attack may be particularly infectious by passing peer-to-peer and jumping laterally, poisoning adjacent devices when the Bluetooth is switched on. For example, a single infected device moving through a busy office past dozens of people with phones, tablets and computers with their Bluetooth switched on could cause an epidemic of exposed devices. This could ultimately lead to network infiltration, ransomware attacks or data theft.
"These silent attacks are invisible to traditional security controls and procedures," said Yevgeny Dibrov, Armis' chief executive. "Companies don't monitor these types of device-to-device connections in their environment, so they can't see these attacks or stop them."
These nearly undetectable flaws put the majority of devices around the world at risk - nearly 5.3 billion devices, including Windows, Android, Linux and Apple products.