Vulnerabilities in Bluetooth could allow airborne computer viruses to spread silently, potentially infecting billions of devices around the world, a team of cyber security experts has warned.
Collectively dubbed “BlueBorne”, they expose Bluetooth-enabled devices to security breaches.
Infection via BlueBorne would not require a user to click on a link or download a file as it spreads silently via Bluetooth-enabled devices.
Tech giants – including Google, Apple and Microsoft – have been made aware of the flaws and have responded.
Dan Tehan, the Minister Assisting the Prime Minister for Cyber Security, said the Australian government had notified device manufacturers.
The Australian Cyber Security Centre (ACSC) is aware of the vulnerabilities but is not aware of them having been exploited.
“The vulnerabilities reported are concerning and device manufacturers have been notified and are working on updates to fix the vulnerabilities,” Mr Tehan said.
“The ACSC recommends that all users apply the latest software security updates to their devices. Device owners should consider disabling Bluetooth functionality on your device where it isn’t required.”
The eight security gaps were identified by US cyber start-up Armis this year.
Researchers found the weaknesses could allow attackers to take control of Bluetooth-enabled devices – such as laptops, phones, TV sets and watches – and execute code remotely or intercept traffic between them.
The cyber security experts compared the potential harm of BlueBorne to the havoc wrought by the WannaCry ransomware attack this year.
“No security mechanism is there to block incoming Bluetooth connections, so an attacker can bypass all of them completely,” Armis head of research Ben Seri told Fortune.
Armis reported the weaknesses to Apple, Google, and Microsoft in April and to Linux in August.
Most of the tech companies have fixed the flaw; Apple addressed it with the release of iOS 10 last year.
Security updates for Android devices have also been issued.
An estimated 8 billion Bluetooth devices are in use around the world.
Armis researchers said the complexity of the technology represented a risk to security.
“Bluetooth is complicated. Too complicated,” the researchers wrote in their white paper discussing the vulnerability of the system.
“As the Bluetooth stack is such an immense piece of code, the work we are presenting might be only the tip of the iceberg.”
Armis chief executive Yevgeny Dibrov said the covert nature of BlueBorne made it extremely dangerous.
“These silent attacks are invisible to traditional security controls and procedures,” he wrote in a statement.
“Companies don’t monitor these types of device-to-device connections in their environment, so they can’t see these attacks or stop them.”