‘BlueBorne’ Flaw Poses Serious Risk To Bluetooth Devices

Questions are being raised again about the security of Bluetooth after researchers uncovered another flaw that could potentially compromise billions of devices.

Armis published details of the Bluetooth vulnerability it is calling ‘Blueborne’. The attack disguises itself as a Bluetooth device and exploits a weaknesses in the protocol to deploy malicious code.

Examples
Date

“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers.

“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” they added.

“This means a Bluetooth connection can be established without pairing the devices at all. This makes BlueBorne one of the most broad potential attacks found in recent years, and allows an attacker to strike completely undetected.”

Armis said the vulnerabilities it had detected affects all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use.

Learn more