BlueBorne – the Attack that Can Spread Malware without an Internet Connection
Here’s what you need to know about BlueBorne attack
Bluetooth is everywhere. Smartphones, laptops, digital camera, printers, smart TVs, cars or IoT devices, they all come with this wireless technology and can easily connect between them. But how safe is it?
Security researchers at Armis Labs recently reported a new attack vector known as “Blueborne”. This vector enables attackers to spread malware through thin air and potentially infect all devices that include Bluetooth wireless technology.
This method of operation involves zero human interaction and no Internet connection. Users don’t have to click on a certain link or download a malicious file or document to get infected.
The company has also identified 8 zero-day vulnerabilities tied to this attack vector, which prove its massive potential impact:
More than 5.3 billion devices across Android, Windows, iOS, or Linux are vulnerable to BlueBorne!
What is different about BlueBorne
The BlueBorne attack vector targets all active Bluetooth-enabled devices and easily finds those that aren’t set to “discoverable” mode. It also does not require a targeted device to be paired to the infected device (an essential Bluetooth connectivity feature required between devices). What makes this cyber threat so dangerous is that it can go unnoticed by users and quickly infect their devices.
Unlike other methods, this one is invisible and spreads locally over Bluetooth, targeting a vulnerability in bluetooth technology.
Once infected, the attacker takes control over the victim’s device and access his/her sensitive data, files and other information. It can determine which operating system the victim is using, and adjust the exploit accordingly.
The malicious hacker can also deploy a MITM (Man-in-the-Middle) attack by placing himself between your device and the website or app you’re communicating with. After getting full control over the device, the attacker exploits the vulnerabilities on it for various cybercriminal purposes.
Here’s a quick demo on how the BlueBorne attack vector works:
How BlueBorne makes malware distribution “invisible”
Imagine getting infected with ransomware just because you had Bluetooth turned on. Imagine not knowing where the infection came from. Imagine malware spreading offline, without you clicking or downloading anything.
This is what BlueBorne can do.
Naturally, cyber criminals can deploy any type of malicious software they want, from banking Trojans to ransomware and info-stealers. Even the list of most common cyber attacks is quite long.
By using BlueBorne, attackers can:
- Infect devices and ask for ransom
- Steal your sensitive data
- Spy on your browsing habits
- Use financial malware to defraud you
- Recruit your devices into massive botnets (like Mirai) which are usually used in subsequent attacks.
You may be asking yourself if your antivirus will protect you from this. BlueBorne is an attack vector, not a type of malware or a virus, so it can’t block it. Your antivirus might block the malware strain deployed through the attack, but it depends on how new and sophisticated it is.
That’s why you should think of your protection in multiple layers.
Who is vulnerable
The company warned about the devices affected by BlueBorne attack:
- All Android phones, tablets, and wearables (except those using only Bluetooth Low Energy) of all versions
- All Windows versions since Windows Vista
- Devices running on Linux
- All iPhone, iPad and iPod touch devices running on iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower.
You can find more details in the announcement made by Armin.
How to secure your device
First of all, don’t panic!
Such cyber threats can make one feel helpless, but that doesn’t mean you should give up and wait for the worst to happen.
Step 1: If you are not actively using it, just turn off your Bluetooth connection. This is the simplest way you can protect your devices and avoid being infected with malware.
Step 2: Make sure you have updated the operating system on all your devices. The same goes for all the applications you have.
Note that security updates have already been released from most of manufacturers and OS developers. Android users can download the BlueBorne Vulnerability Scanner App available on the Google Play Store to check if their devices are vulnerable to this attack vector.
No matter the type of device, you need to keep your software up to date. Read our guide with all the resources needed to stay safe online.
Yes, that might lead to some costs along the road, because older hardware doesn’t support the latest updates, but it’s worth the investment.
To keep safe and same time enjoy technology, consider the risks and do something to reduce them.
Have you checked if your device is vulnerable to BlueBorne?