Serious Bluetooth vulnerabilities, affecting Android, Linux, Windows, and iOS users, were announced this September. Discovered earlier in the year, the public announcement was postponed to provide vendors time to introduce security patches for their software.
The 8 identified vulnerabilities have been collectively named BlueBorne due to the nature of these attacks happening ‘over the air’ as opposed to over the internet. Blueborne allows attackers to take control of devices that have Bluetooth enabled and run malicious code without the knowledge of the device’s owner. Worryingly, a hacker only needs to exploit one device to penetrate further into a network or spread to other devices.
Initially, millions of mobile phones, laptops, and smartwatches were vulnerable, however after the announcement, smart speakers were also found to be at risk, requiring further patching. It is unknown whether further vulnerabilities are yet to be discovered.
Why is Bluetooth so vulnerable?
The problem begins with the complexity of Bluetooth itself. Bluetooth specifications are the technological building blocks that enable developers to create interoperable Bluetooth devices. The specifications stretch across 2,822 pages, which is vast in comparison to base Wi-Fi specifications, which consist of just 450 pages. Because of its complexity, Bluetooth does not receive the same level of scrutiny as other less-complicated protocols. This means vulnerabilities aren’t identified and rectified as Bluetooth evolves.
Bluetooth was originally designed for exchanging data between devices over short distances, such as connecting your keyboard to your computer, or your mobile phone to your car. With the rise of more Bluetooth enabled devices, such as smart speakers like the Amazon Dot and Google Home, connections over greater distances are now expected. This means a hacker no longer needs to be in the same room to launch an attack, but could do so from outside your building or from a vehicle in your street. This increases the risk of being hacked.
How can you protect yourself?
It is vital that you are running the latest version of your operating system and that all updates have been installed. As seen with the BlueBorne vulnerability, vendors knew about it months before it was announced publicly, and released patches during that time. There’s no guarantee that further vulnerabilities won’t emerge in the future, however ensuring you are running supported, up-to-date devices and operating systems is key to defending yourself from these attacks.
Outside the actual vulnerabilities, the root of the BlueBorne issue stems from keeping Bluetooth turned on. Turn Bluetooth off when you aren’t using it and especially when you are in public spaces. Not only will you no longer be a target for opportunistic hackers and other infected devices, but you will also preserve your battery life.
iOS 11 users should be aware that using the control panel to turn Bluetooth on and off does not actually turn it off completely. To fully disable Bluetooth, users need to go into ‘Settings’ and manually turn it off, which deactivates Bluetooth until 5am the next morning, or use Airplane mode.
For more information on how to stay safe and protect your data, please get in touch.
We’re here to help