GETTY
Smartphone users have been warned about a terrifying malware spread over BluetoothSecurity experts have warned of a new virus spread over Bluetooth that can take over a smartphone - and affects almost 5.3 BILLION devices worldwide.
The BlueBorne virus takes advantage of a series of vulnerabilities affecting devices connected via Bluetooth.
The security holes let attackers take control of Bluetooth-enabled gadgets, executes code on them remotely and intercepts traffic between devices.
Gadgets affected are unpatched devices running Android, Windows and Linux as well as earlier versions of iOS, according to security research firm Armis.
The threat is dubbed BlueBorne because it spreads airborne via Bluetooth.
Researchers envisioned one worst-case scenario where a delivery person enters a bank with an infected smartphone that has Bluetooth enabled.
BlueBorne would then be able to spread to any Bluetooth enabled devices, bouncing from one to another and even onto the bank's computers.
The attack would not require victims to click on links or download infected files or to 'pair' with other devices to work.
They would simply need to have Bluetooth enabled for BlueBorne to spread at an alarmingly fast and wide rate.
The victims would be completely unaware their devices were infected, and victims would then be at risk from ransomware attacks or viruses that compromise security systems.
The biggest cyber-attacks, hacks and data breaches Sat, May 13, 2017Getty Images
1 of 15
Ben Seri, head of research at Armis Security said: "No security mechanism is there to block incoming Bluetooth connections, so an attacker can bypass all of them completely."
While Michael Parker, Armis' head of marketing, added: "Imagine WannaCry Blue."
Armis outlined the devices at risk from the BlueBorne attack in a blog post.
There are eight vulnerabilities that BlueBorne exploits, and the number of vulnerabilities a phone is at risk from varies between devices.
Armis said: "The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use.
"This means almost every computer, mobile device, smart TV or other IoT device running on one of these operating systems is endangered by at least one of the eight vulnerabilities.
"This covers a significant portion of all connected devices globally."
GETTY
Billions of smartphone devices are affected by the malware threatArmis informed many of the affected companies about the flaws before informing the public, so they had a chance to push out patches.
Apple fans will be pleased to know current versions of iOS are not vulnerable.
Anything more recent than iOS 9.3.5 or for Apple TV users, version 7.2.2, is not vulnerable to BlueBorne.
Speaking about Android, Armis said: "All Android phones, tablets, and wearables (except those using only Bluetooth Low Energy) of all versions are affected by four vulnerabilities found in the Android operating system.
"Examples of impacted devices are Google Pixel Samsung Galaxy, Samsung Galaxy Tab, LG Watch Sport, Pumpkin Car Audio System".
Armis said Google has issued a security update patch to address the BlueBorne threat and notified its partners of it last month.
It was also made available as part of the September Security Update and Bulletin on September 4 2017.
Google automatically updates its own devices, like the Pixel.
But for devices part of the wider Android ecosystem, patch release dates are up to manufacturers.
All Google can do is provide the fixes and hope they get relayed to customers' phones and tablets as soon as possible.
Windows computers since Windows Vista were affected by one vulnerability, dubbed 'Bluetooth Pineapple'.
Armis said Microsoft issued security patches to all supported Windows versions on July 11, 2017 with co-ordinated notification on Tuesday.
The security firm also said information on Linux updates to address the Blueborne threat will be provided as soon as they are live.
To protect yourself against BlueBorne, ensure that your device (if affected) has been updated with a fix.
And if you're uncertain whether your device has been patched, it may be a good idea to turn Bluetooth off for awhile.
Related articlesSource: WARNING: Terrifying virus can take over BILLIONS of phones, here's how to stop it
No comments:
Post a Comment