It is the most serious Bluetooth vulnerability identified to date, since the exploit can take place at the implementation level, bypassing all authentication methods.
A newly discovered vulnerability, called ‘BlueBorne’, leaves IoT devices open to a cyber attack via Bluetooth, according to security company Armis.
Most Bluetooth-enabled devices, such as smartphones, smart TVs, and car audio systems, are vulnerable to attack.
Armis has reported that up to 5.3 billion Android, iOS, Linux and Windows devices could be affected, allowing hackers to spread malware or access critical data and networks.
According to the company, “BlueBorne is the most serious Bluetooth vulnerability identified to date,” since the exploit can take place at the implementation level – not at the protocol level – which means that it ignores authentication methods and allows hackers to take complete control of the device.
“The attacker can enter a device unnoticed by the user, passing firewalls and endpoint protection systems,” said Michael Parker, vice president of marketing for Armis.
Ben Seri, head of research at Armis, has pointed out that there are two ways hackers can exploit devices. On the one hand, they could connect to a target device and then execute code remotely on it to take full control of the system. On the other hand, they could create a “Bluetooth pineapple” to track device traffic, hijack the connection and redirect traffic.
Google and Microsoft are already releasing updates and patches. Other vendors are still preparing the patches.
According to Armis, up to 40% of the 5.3 billion impacted devices would probably not be recoverable, being mainly IoT devices – like smart fridges – that cannot be easily updated. The company has recommended that users disable Bluetooth to protect their connected devices until patches arrive.