You have probably heard the term “Bluetooth” before or have seen the little “antennae looking” B icon on your mobile phone or tablet, but you may not know what it does. However, if you have a mobile device, you have probably made use of it. It helps us do things like connect wireless keyboards to our laptops, connect our mobile phones to our vehicles’ infotainment systems, and even use a digital key to unlock hotel room doors. That’s why a recently disclosed flaw is so significant.
While working on a product, researchers at the security firm Armis discovered an issue with the implementation of Bluetooth that affects Android, iOS, Linux, and Windows.
Since most of us use Bluetooth in some way, it’s important to be aware that this issue needs to be fixed immediately. The good news is that there are indeed fixes available. So, if you see that little update indicator show up on your mobile devices, or get a notification on any other device that an update is available, take a few minutes to apply it. Don’t forget that Bluetooth is usually included in Smart TVs, gaming systems, and even some medical equipment. So check all of those too. Don’t ignore the indicators.
Microsoft issued a patch back in July, so if you have applied updates (and we hope you have) since then, it should have been included. Google recently pushed out patches, and since the majority of the vulnerabilities were with Android, it’s very important to get it fixed right away. Four issues were seen in Android, including two that could allow an attacker to take remote control over the device.
Be aware that older products will not be issued a patch and therefore will remain at risk. If you have a computer running Windows XP for example, a patch will not be released. That is because it isn’t supported by Microsoft any longer. The same is true for older Android versions. If you have any product that is no longer supported, consider upgrading to something newer so that when vulnerabilities like this are found, you can get them fixed.
This problem with Bluetooth is so significant because it doesn’t require any “pairing,” which is what you do when you connect items via a Bluetooth connection. If attackers were to exploit this flaw, which is being called BlueBorne, they could design a “worm-like” attack that could ultimately be used to create massive botnets. A botnet is a network of private computers that are infected with some type of malware and then linked together to form an army of machines that are controlled as a group.
If a patch or update has not been released for any particular product you own, consider disabling the Bluetooth functionality until one does become available. You can usually do that fairly painlessly by going into the settings.
The Armis researchers estimate that BlueBorne affects 5.3 billion devices, calling it the “tip of the iceberg” of issues to come with Bluetooth implementations.