The researchers have discovered a new malicious BlueBorne attack which can affect Windows, Linux, Android as well as iOS devices. By this malicious attack, hackers can easily get remote access to Bluetooth enabled devices without any permission of victims. The attackers use Bluetooth vulnerabilities to infect devices without being noticed by anyone operating the targeted device.
The overall 8 zero-day vulnerabilities in Bluetooth protocol have been discovered by the security researchers and out of which four vulnerabilities are rated as critical. The BlueBorne attack has already impacted more 5.3 billion devices using short range wireless communication technology.
The more shocking thing is that BlueBorne has impacted not only the devices that usually become the target of attackers but also the Apple iOS devices which are considered to be the most secured devices. While the iOS devices running 10.x version are safe, the other iOS devices still running iOS 9.3.5 or earlier versions are vulnerable to this attack.
Once the device gets infected by the malware, it becomes potentially harmful for all the devices that get connected to it via Bluetooth.
This BlueBorne attack is spreading rapidly all over the world like massive WannaCry ransomware which infected millions of users, companies, and organizations worldwide.
Ben Seri, head of the research team at Armis Labs, claims that his team made an experiment for creating a botnet network which got successful. This botnet network was used to install ransomware using BlueBorne attack. He also believes that it’s not easy to create a universal wormable exploit which can automatically find Bluetooth enabled devices and target all the devices together.
“Unfortunately, this set of capabilities is extremely desirable to a hacker. BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices like the Mirai Botnet or mobile devices as with the recent WireX Botnet”, Armis stated.
As all the major companies including Microsoft, Google, Apple, Linux Foundation and Samsung are informed by the security researchers about these Bluetooth vulnerabilities.
Google and Microsoft have released the patches for these vulnerabilities. All the users are recommended to apply patches to get rid of the BlueBorne attack.
For the time being, the Android users can install “BlueBorne Vulnerability Scanner” from Google Play Store to verify whether their device is vulnerable or not. This app is developed by the Armis. In case, the device is vulnerable, they should keep the Bluetooth turned off till they don’t apply the patch released by the Google.
In the nutshell, the attackers are now creating massive malware more rapidly than ever before and attacking devices by spreading them using different means. One common mistake made by victims is that they don’t apply patches just after release. They keep their system unpatched hence become the target for the attackers.