Tuesday, September 12, 2017

New Clickless Bluetooth Attack - Billions of Devices Vulnerable

Researchers have devised an attack that uses the wireless technology to hack a wide range of devices, including those running Android, Linux, and, until a patch became available in July, Windows.

BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn't require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on. The exploit process is generally very fast, requiring no more than 10 seconds to complete...

"Just by having Bluetooth on, we can get malicious code on your device," Nadir Izrael, CTO and cofounder of security firm Armis, told Ars. "BlueBorne abuses the fact that when Bluetooth is on, all of these devices are always listening for connections."
Patch now, if you haven't already. more