The majority of Android phones, tablets, and wearables -- except devices only with Bluetooth Low Energy -- are vulnerable to two memory corruption-based remote code execution flaws, an information leak bug, and a data intercepting man-in-the-middle attack.
Apple fixed its share of the vulnerabilities in iOS 10, which 89 percent of all users are using as of early September. But that still puts millions of older iPhone 4s handsets that are ineligible for the latest update devices, as well as all other devices running iOS 9.5.3 and lower, at risk.
Major Bluetooth security flaw leaves millions of devices at risk
But, as this wireless technology continues to evolve, cyber attacks are becoming a major threat. Almost every Bluetooth connected device is open to cyber attack. Fortunately, there are ways to avoid these risks when utilizing Bluetooth technology. Below, we explain the cyber risk and offer tips to properly secure your devices.
A family of vulnerabilities found in various Bluetooth Low Energy (BLE) development kits (SDKs) of seven major system-on-a-chip (SoC) affects millions of devices around the world, ranging from simple Bluetooth trackers to medical devices.
Just last year, a new BrakTooth security flaw left millions of Bluetooth-enabled devices vulnerable to attacks of hackers. Without realizing it, most people leave their devices vulnerable to attacks just by forgetting to turn off the Bluetooth on their devices. A 2021 study revealed that over 40 to 50 percent of IoT users leave Bluetooth turned on, making their devices vulnerable to malicious attacks. Today, this problem is still persistent as hackers continue to compromise the devices of users by exploiting vulnerabilities in Bluetooth technology.
Google and Microsoft released updates fixing the vulnerabilities in their September security updates for Android and Windows, and major Linux distributions are coordinating their own fixes. Microsoft said Windows Phones are not impacted, and Apple had changed how it implemented Bluetooth in iOS 10, providentially closing the vulnerability by the time Armis reported the issue. Only pre-iOS 10 versions remain at risk, which Armis estimates at about 130 million devices.
Notable vulnerabilities include 2017's BlueBorne, which affected the Bluetooth implementations then used by all major operating systems and allowed any Bluetooth device to be taken over and exploited with remote code execution and well as man-in-the-middle attacks, a 2018 attack that manipulated Bluetooth pairing flaws to gain access to devices and, just this month, a more specific pairing vulnerability affecting products including Google's Titan Security Keys.
A major factor lies in its nature. Bluetooth technology operates on having devices discover each other when within close range of each other. The Bluetooth-enabled device sends a signal that can be detected by other devices that are in its range. This discoverability leaves them vulnerable to a malicious attack if a hacker is in the area, whether by managing to connect to the device without the user's permission or by sending a barrage of connection requests that leaves the phone temporarily unusable (via GovInfo). 2ff7e9595c
Comments