Skip to main content
  1. Home
  2. Computing
  3. Mobile
  4. News

Expert says risk of Bluetooth ‘BlueBorne’ attacks across multiple devices overblown

Security firm says 'BlueBorne' is only a risk if your device isn't updated

Add as a preferred source on Google

Bluetooth was originally created in 1998 to serve as a secure short-range wireless connection between two devices. It pairs our wireless mice to our laptops, our smartwatches to our smartphones, and so on. But a recent report published by security firm Armis points to eight Bluetooth-related vulnerabilities — four of which are critical — that reside on more than 5 billion Android, Windows, Linux, and pre-iOS 10 devices. The company dubs this “epidemic” BlueBorne.

“These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date,” Armis said on September 12. “Previously identified flaws found in Bluetooth were primarily at the protocol level. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device.”

Recommended Videos

The problem starts with the complexity of Bluetooth itself. The specification stretches across 2,822 pages, which is massive compared to the base Wi-Fi specification (802.11), which consists of only 450 pages. Because of its complexity, Bluetooth does not receive the same scrutinized audits as other less-complicated protocols. That means vulnerabilities get buried as Bluetooth evolves.

Many issues prior to Bluetooth v2.1 were resolved with the introduction of Secure Simple Pairing, thus the security community shifted its attention away from Bluetooth. But a thorough inspection still needed to be performed and Armis says that its discovery of eight vulnerabilities in a recent analysis of Bluetooth could very well be “the tip of the iceberg.”

Overall, the BlueBorne set of vulnerabilities can enable a hacker to take control of a device, access its content, and use it to infect other Bluetooth-enabled devices with malware. Outside the actual vulnerabilities, the root of the issue stems from keeping Bluetooth turned on. A device will listen for Bluetooth traffic even if it is not set to discoverable mode, so all a hacker needs to know is its Bluetooth device address (BDADDR), and its MAC address.

But how do you get this information? By using open-source hardware sold online that can sniff out encrypted Bluetooth connections passing through the air. These packets of information contain plain text data pointing to the Bluetooth device address. Hackers can then use that address to send unicast traffic if they are within physical proximity of the target device: 33 feet for mobile phones and headsets, and 328 feet for laptops and desktops.

“If the device generates no Bluetooth traffic, and is only listening, it is still possible to ‘guess’ the BDADDR, by sniffing its Wi-Fi traffic,” the firm explains. “This is viable since Wi-Fi MAC addresses appear unencrypted over the air, and due to the MACs of internal Bluetooth/Wi-Fi adapters are either the same, or only differ in the last digit.”

But according to Mike Weber of cyber risk management service provider Coalfire, there is no need to panic. There are no known instances of hackers taking advantage of the vulnerabilities. Even more, creating malware to possibly attack a multitude of devices spanning Windows, iOS, and Linux in a single sweep would be extremely difficult. The discovery of the vulnerabilities only points to possibilities, not an actual attack in the wild.

“If you are on a device that is no longer supported, cannot be updated, or has not yet received a patch from a vendor, it is recommended to keep Bluetooth on the device turned off except when necessary,” Weber suggests.

Microsoft produced a patch for Windows on September 12, 2017. Apple nuked the vulnerabilities on its products with the release of iOS 10, but all devices running iOS 9.3.5 and older are still vulnerable. Google patched the issues on Android 6.0 (Marshmallow) and Android 7.0 (Nougat) on August 7, 2017, but if you’re still worried about BlueBorne, Armis Security provides an app on the Google Play Store.

Updated: Now reflects new information provided by Coalfire.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
ChatGPT’s hiking advice left two hikers stranded on a mountain in Poland
The chatbot directed the pair onto a climbing route neither had the skills to finish, and it's not the first time AI has sent travelers somewhere they shouldn't have gone.
Bag, Clothing, Coat

A shortcut recommended by ChatGPT left two hikers stuck on a mountain face in Poland this month, and they needed a helicopter to get back down. It's the latest case of an AI chatbot steering travelers toward routes it has no real way to evaluate.

ChatGPT's shortcut led straight to a dead end

Read more
Firefox is doubling its update pace, and that’s good news for your security
Mozilla Firefox

Mozilla is about to speed up one of the most important parts of using Firefox: security updates. If you're used to seeing a new Firefox update land about once a month, that's about to change. Beginning in September, Mozilla plans to switch to a two-week release schedule for Firefox on desktop and Android, meaning users should start getting updates twice as often. That might sound like more frequent downloads, but it's really about closing security gaps sooner.

Why waiting a month for security fixes no longer cuts it

Read more
Anthropic confirms Claude acts differently depending on your language and which model you pick
A new study shows Claude's isn't nearly as consistent as you might assume.
Claude app on iPhone

If you've ever felt like Claude gave you a completely different vibe on one day than another, you weren't imagining it. Anthropic just published research confirming that its chatbot's personality shifts depending on which model you pick and which language you type in, and the pattern is consistent enough that it's worth knowing before you ask your next question.

The model you pick decides how Claude responds

Read more