Wednesday, September 13, 2017

Computers, Phones and IoT Devices Have the BlueBorne Vulnerability

Source: Wired

"Once an attacker identifies vulnerable targets, the hack is quick (it can happen in about 10 seconds) and flexible. The impacted devices don't need to connect to anything, and the attack can even work when the Bluetooth on the victim device is already paired to something else."
...
"As with virtually all Bluetooth remote exploits, attackers would still need to be in range of the device (roughly 33 feet) to pull off a BlueBorne attack. But even with the extensive and productive BlueBorne patching that has already happened, there are still likely plenty of vulnerable devices in any populated area or building."

Source: Armis

"hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode."

Recommended actions:
1) Install Blueborne Detector on your Android devices.
2) Click "Tap to Check" and heed the warning if your Android device is vulnerable.
3) Set each of your Bluetooth devices to discoverable
4) Click "Check Devices Around Me"

Repeat steps 3 and 4 for every Bluetooth capable device.