Bluetooth is one of the most convenient connectivity options in the modern tech world. It is efficient, reliable, flexible and it’s virtually everywhere. It’s a feature enjoyed by users of smartphones, laptops, speakers, smart home appliances and cars.
But what if someone found a way to hack Bluetooth? Well, such an attack can be of unprecedented magnitude, potentially affecting millions of gadgets around the world.
Now, that’s precisely what this group of security researchers discovered and the scary part about it is that it can exploit any device that has a Bluetooth connection, including products from all gadget manufacturers – Apple, Samsung, Amazon, Google, and Microsoft.
The researchers from security firm Armis revealed the eight Bluetooth exploits and collectively named them BlueBorne. They said the flaws allow an attacker to access your gadget without even touching it.
How does BlueBorne work?
The BlueBorne attack works similarly to the Broadcom Wi-Fi attack revealed this year. An attacker finds a Bluetooth gadget to hack then forces it to give up information about itself, including keys and passwords.
Then, it executes commands to take full control of the targeted device by exploiting a flaw in the Bluetooth protocol that allows tethering.
Finally, full control of the gadget is granted, the attacker starts streaming from the device in a “man-in-the-middle” attack. This forces the gadget to create a malicious network and forces all communications through it.
This allows BlueBorne to spread itself further through the air to other Bluetooth gadgets in the vicinity and worse still, it is practically invisible. The whole attack can be done in a blink of an eye too – about 10 seconds.
During their tests, the group managed to infiltrate a Google Pixel phone, Samsung Galaxy tablets and phones, an LG smartwatch and a car audio system using BlueBorne flaws.
“The BlueBorne attack concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air,” Armis said.
How to protect yourself from BlueBorne
BlueBorne affects a whole range of gadgets from different manufacturers. Thankfully, iPhones running iOS 10 are already immune to the attack. Microsoft also patched the issue in a security update in July.
Google sent an Android patch last month to fix the issue. In fact, the company already sent a patch to Pixel gadgets, fixing the issue for every Android version from KitKat. However, due to how Android updates are deployed depending on the manufacturer, many Android gadgets are still vulnerable to the attack.
To stay safe, please keep your gadgets updated and apply security patches as soon as you can. If you’re an Android user and you’re not sure if the fix is available for your gadget yet, it’s a good idea to turn off Bluetooth for now until a patch for your particular model is deployed.