Researchers at Internet of Things (IoT) security firm Armis Labs have found “BlueBorne” — a new malware that targets devices via Bluetooth and over five billion such devices globally are at risk. “BlueBorne” allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices, the researchers noted.
“Bluetooth attacks such as a recent set of attack vectors ‘BlueBorne’ depend on the availability of the Bluetooth device as well as close physical proximity”, said Vitaly Kamluk, Senior Antivirus Expert, Kaspersky Lab, in a statement on Thursday. The new vector spreads through the air and is capable of causing eight related zero-day vulnerabilities, four of which are classified as critical.
It poses threat to major mobile, desktop and IoT operating systems that includes Android, iOS, Windows and Linux and the devices using them. “Regardless of the security features on your device, the only way to completely prevent attackers from exploiting your device is to power off your device’s Bluetooth function when you’re not using it. Not putting it into an invisible or undetectable mode,” Kamluk added.
According to reports, Apple’s iOS hasn’t been affected by “BlueBorne’s” flaws since the 2016 iOS 10 release and Microsoft patched the bugs in Windows in July. Meanwhile, Google is working on releasing a patch but this can take significant time.