Tuesday, 19 September 2017

Bluetooth Problem Could Let Hackers Take Control of Your Devices

Bluetooth Problem
Blueborne, the incredible Bluetooth Issue allows hacking Android phones

More than 5 billion vulnerable Bluetooth devices, including mobile phones, laptops or IoT devices

Perhaps at the worst of times to announce a security problem like this (with the iPhone X presentation monopolizing the day), security researchers have uncovered eight major Bluetooth Issues as vulnerabilities. Three of them are especially dangerous. They would allow attacking devices like Android phones without needing to connect to them.

The Bluetooth Issue, which has been given the name BlueBorne, affect virtually every device in the world with Bluetooth, about 5.3 billion devices with vulnerabilities. Among them are laptops, connected products at home, mobile phones of all kinds with Android, iOS or Windows.

According to Armis Security, this Bluetooth Issue is considered a scenario where an attacker can intercept Android mobile information without having to connect to the computer or pair. That is, as long as the mobile has Bluetooth active, it would be in danger.

The intermediary attack, also known as Man in the Middle, does not require you to access a website or download an application or attachment from your email. The Bluetooth issue called as BlueBorne is in the libraries that integrate for the Bluetooth chip to work.

In the worst case, a hacker could access the computer, take control and execute code with bad intentions. That if, it is necessary that the attacker is really close to the victim, since Bluetooth has about 10 meters of range of action.

At home this Bluetooth Issue, the BlueBorne will not generate many problems, details of these vulnerabilities have not been made public and proximity is required. At the corporate level or even for institutions, it is not known whether anyone has used BlueBorne. In an example rather taken from a series, but plausible, a person with confidential information on his mobile could be in a cafeteria and a hacker could access his files with being close to this person.

For Android phones, Armis has published a free application that tells you if you are affected. This does not mean that they can hack your phone, but your smartphone needs an update as soon as possible.

Google will send a patch on its monthly security updates for Android 6.0 Marshmallow and Android 7.0 Nougat. Microsoft few days ago sent a security update for Windows, specifically Windows 7, 8, 8.1 and 10. Meanwhile, Apple fixed this vulnerability in one of its latest iOS 10 updates, but all computers with iOS 9.3.5 or lower, Apple TV 7.2.2 or lower are affected.

Another perfect example of an even bigger problem with an unknown dimension. All connected products that begin to expand through our homes and that have Bluetooth Issue, are mostly unprotected. Also mobile phones that never receive updates. As long as manufacturers do not send security updates regularly and install them, even the smallest of these products is at the mercy of a large-scale attack, although this in particular requires being very close.

No comments:

Post a comment

Note: only a member of this blog may post a comment.