BlueBorne is a set of eight flaws that collectively can be used to attack iOS, Android, WIndows and macOS devices. With many IoT devices using Bluetooth, this is a significant issue that could be exploited by an attacker to take over devices, steal data or launch other attacks.
Armis has released a white paper that describes the how the vulnerability works and how it can be exploited. Unlike many other Bluetooth attacks, BlueBorne doesn’t require the targeted device to be paired to the attacker’s device or be in discoverable mode and can spread over the air.
They claim it potentially affects over 8 billion devices although that sounds like a bit of hyperbole given most of the installed base of iOS users, for example, are running a version of iOS that is not vulnerable.
Armis says that they have been contacting vendors since April this year as part of their responsible disclosure of the flaws.
Older devices are particularly affected with the most recent OS updates for some of the affected platforms having patched against some of the flaws that BlueBorne.
Leave a Reply
You must be logged in to post a comment.