Latest in Security

Image credit: Getty Images

Some phones and laptops are vulnerable to 'BlueBorne' exploit

Apple's iOS 10 isn't susceptible, Google and Microsoft have released patches.
987 Shares
Share
Tweet
Share
Save

Sponsored Links

Getty Images

Armis security has identified a new vulnerability in computers and mobile devices that leaves them susceptible to attack via Bluetooth. The exploit, dubbed "BlueBorne," doesn't require user permission or to even pair with devices -- it can simply connect over the air and access networks or install malware. Armis previously alerted most affected parties back in April, but as of today, it's mostly Android devices that remain vulnerable to attack.

There are technically several distinct attack vectors spread across current mobile operating systems. As Armis noted in its BlueBorne info page, Apple's iOS beyond version 9.3.5 are vulnerable, but that vector was ironed out in iOS 10. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here. Google's Android, however, is spread across so much hardware that the onus to update falls on third-party manufacturers, who might not patch out the vulnerability in time. For its part, Google released protective patches for Nougat (7.0) and Marshmallow (6.0) as part of its September security update.

"We have released security updates for these issues, and will continue working with other affected platforms across the industry to develop protections that help keep users safe," a Google spokesperson told Engadget.

The other wildcard here: Linux-based devices. Armis informed Linux device operators of the vulnerability very late (last month, as opposed to back in April when it divulged to the other mobile OS providers). Accordingly, Armis wasn't aware of patches for Linux operating systems, meaning anything running BlueZ are vulnerable to one of the vectors, while those with Linux version 3.3-rc1 can be attacked by another. This includes Samsung's Gear S3 smartwatch, its smart TVs and family hub.

While using Bluetooth is a canny way to automatically infiltrate user devices without permission, it means BlueBorne is bound by the signal frequency's short range, and only affects devices with Bluetooth turned on. But since the exploit is so different to the typical attack vector, users wouldn't even be alerted if their device gets compromised, leading to a hypothetical nightmare scenario (detailed in the video below) wherein a user spreads the "infection" to vulnerable phones and tablets simply by walking in their vicinity.

Worried your device might be vulnerable? Check Armis' page on the exploit along with the respective white paper (PDF) explaining BlueBorne in detail.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
987 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Turns out smartphones aren't making millennials grow horns after all

Turns out smartphones aren't making millennials grow horns after all

View
Google makes Assistant available via a free phone call in India

Google makes Assistant available via a free phone call in India

View
Arcimoto is finally shipping its three-wheeled EV to customers

Arcimoto is finally shipping its three-wheeled EV to customers

View
Tesla's Model 3 joins Audi's E-Tron in claiming top safety award

Tesla's Model 3 joins Audi's E-Tron in claiming top safety award

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr