Turn Off your Bluetooth

A newly discovered attack vector named BlueBorne has dropped and vendors are pushing patches as I write. BlueBorne, a play on the words Bluetooth and airborne (as it can spread over the air), was discovered and reported by research firm Armis Labs and was assigned many CVE’s covering Windows, Linux, Android and Apple. The 8 reported vulnerabilities in the Bluetooth Protocol can allow an attacker to server malicious content, exfiltrate data, and install ransomware on the target; Successful exploitation will allow this without ever pairing with the affected device.

Ben Seri, head of the research team at Armis Labs says that during an experiment in the lab, his team was able to create a botnet network and install malware using this vulnerability. Armis had this to say:

“Unfortunately, this set of capabilities is extremely desirable to a hacker. BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices like the Mirai Botnet or mobile devices as with the recent WireX Botnet”

“The BlueBorne attack vector surpasses the capabilities of most attack vectors by penetrating secure “air-gapped” networks which are disconnected from any other network, including the internet.”

The way BlueBorne works, it constantly scans for devices that have Bluetooth on, and when it finds one that has relevant vulnerabilities, it can hack into the device exceptionally quickly, within 10 seconds. Once exploited, hackers can take control of the device and steal data from it. Though Armis believes it would be exorbitantly difficult for a bad actor to accomplish, BlueBorne could spread from device to device acting as a worm.

After the discovery, Armis responsibly disclosed the vulnerability to Google, Microsoft, Apple, Samsung and the Linux kernel security team. Keeping up with patches is extremely important and Google and Microsoft have already put out security patches to get rid of the vulnerability this week. If you haven’t updated your phone in the past few days, you should go ahead and do that right now.

Patching for your business can seem like an impossible task. Properly organizing patch severities and assuring that roll out to production won’t defeat an important line-of-business application can be a daunting task; contacting Thrive today can help alleviate your concerns and get a proper patch schedule in place to help make sure your systems are properly secured and patched regularly.