About 5 billion devices could be hacked because of a key vulnerability in their Bluetooth system, cyber security experts at Armis found. The devices include smartphones, computers, tablets, and infotainment systems.
Experts found flawed implementations of Bluetooth in their operating systems which could give hackers a backdoor to compromise the devices.
In the last month, a group of IoT security experts worked closely with engineers at Google, Apple, Microsoft and Linux to build a series of patches that will fix eight Bluetooth-related security flaws. The operation was carried out in great secrecy to prevent hackers from learning the details.
If exploited, the vulnerabilities can enable hackers to take over the devices or hijack their Internet connection. The flaws are very risky because hackers don’t have to authenticate or pair devices to compromise a system. They only need the device’s Bluetooth to be turned on.
5.3Bn Devices Could Be Affected
What’s more, hackers can deploy automated attacks and they can even force devices to turn on their Bluetooth connection without the user’s knowledge. Experts think that a compromised device can infect other devices by default as soon as they came in its Bluetooth range. The attack can lead to the formation of extensive botnets.
The Armis team have called the new type of attack BlueBorne, and they think it can impact 5.3 billion devices worldwide. On top of that, the team estimates that roughly a half of devices will never get the life-saving patches because firmware updating was discontinued or users find the process of updating too complex and don’t bother.
Researchers underlined that the flaws are not built in the Bluetooth protocol, but in the way that protocol is implemented in the OS, be it Android, IOS, Linux or Windows. Also, all versions of protocols are affected with the exception of Bluetooth Smart.
Image Source: Wikimedia