BlueBorne Keeping 5.3 Billion Bluetooth Connected Devices at Security Risk


Published Date : Sep 13, 2017

Security researchers at Armis have discovered eight potential vulnerabilities, collectively code named as BlueBorne, which is keeping over 5.3 billion Bluetooth compatible devices at risk. The Bluetooth protocol is commonly used by electronic devices such as our phones with Android, Windows, Linux, and iOS, hearing aids, and vehicles with Android Auto.

As per the new findings, three out of these eight security flaws in the Bluetooth protocol are critical, as they can allow the hackers to impart malware and intercept communications. While the previously identified Bluetooth flaws were merely at protocol level, the new security flaws can bypass various authentication mechanisms. Armis has reported that most of the major hardware and software companies, including Google, Apple, and Microsoft are developing patches, which may be released in the coming days. BlueBorne susceptibility are tracked under the following identifiers: CVE-2017-0785, CVE-2017-0783, CVE-2017-0782, and CVE-2017-0781 Android devices; CVE-2017-1000250 and CVE-2017-1000251 for Linux; CVE-2017-8628 on Windows, and CVE-2017-14315 for iOS.

Only a Few Devices Immune to BlueBorne Threat

A vast number of electronic devices are affected, including all android phones, laptops, wearables, tablets, although android devices that function on lower energy are not affected, as Google fixed this patch flaw in its September Android Security Bulletin. All Windows after the Vista version are vulnerable, though Microsoft claims that windows phones are not influenced by BlueBorne, as the company had secretly patched CVE-2017-8628 in July. Information leak is also possible for all Linux devices that utilize BlueZ, including Samsung’s Tizen OS. This list also includes all iPhones, iPad, and iPod devices that have iOS 9.3.5 or lower. iOS 10 has patched this issue.