Bluetooth, the short range radio communication that lets all your devices talk to each other. Bluetooth is used in a variety of applications such as data sharing, wifi hotpsotting, remote control, broadcasting, positioning and others. Bluetooth is also vulnerable to attack by a variety of outside sources. Bluetooth hacks come every few years, and they tend to be very dangerous. Bluetooth is already present as a hardware piece in your phone, and it usually has access to all of your files and the ability to transmit them. Bluediving is a popular attack form that still sees some use, and involves using a short range Bluetooth based attack to mine a device for its data.
BlueBorne is an exploit that takes advantage of Bluetooth, and as an extra bit of fun can spread itself across nearby devices using Bluetooth. There is also a risk that instead of directly interfacing with infected devices that it instead acts like a data siphon, copying and transmitting stolen data to somewhere on the web. BlueBorne does NOT require your Bluetooth connection to be on, or for you to be linked to another device. Bluetooth has permissions to pretty much anywhere on devices it’s installed on, so your device can be infected without your ever becoming aware of it and without any notification. Google and Microsoft have both released patches for their devices, before the press release announcing that they knew of BlueBorne. This was to allow devices to get patched without the attackers being let in that tech companies were are on to them. The patch only covers certain devices however, about 45% of all Google and Microsoft platforms can receive the update. This leaves over a billion devices vulnerable to the attack, with a slim-to-none chance of getting a security patch. Linux devices can be affected as well, and their is not currently a patch out for BlueBorne.
Tech companies are currently working to patch all vulnerabilities, as anything that is part of the Internet of Things (IoT) is vulnerable. Your phone could infect your smart thermostat, which would infect your router and anyone who visits your home. From there the infection could spread further, taking over hundreds of devices. While disconnectedness is great and allows for amazing features and convenience it does significantly raise the risk of a serious cyber attack. Allowing quick, efficient communication between devices means cutting down on security protocols. Cutting down on security protocols makes it easier for hackers to attack and control devices.
Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.