BlueBorne vulnerability makes it possible to perform a cyber attack on Bluetooth devices: here’s how to defend yourself
Bluetooth is a great convenience when we need to establish a connection between two devices within a short distance of each other, such as a speaker or wireless headphones for the smartphone, or when we need to transfer files from one device to another. But it can also be a danger, because this standard has more than one vulnerability.
These vulnerabilities are well known, such as the so-called “BlueBorne”, discovered back in 2016-17: a set of as many as 8 security flaws in the Bluetooth protocol, not related to the operating system used by the smartphone, which device and mobile OS manufacturers nevertheless seem to have largely underestimated. Twelve months after the discovery of BlueBorne, in September 2018, researchers at Armis Security calculated that there were still 2 billion attackable devices out there. That’s because we’re not just talking about smartphones but any device that integrates a Bluetooth chip, from PCs to Smart TVs. In essence, whoever managed to carry out a BlueBorne attack was able to get hold of all the data contained in the device, even without pairing.
Security patches for Bluetooth
While BlueBorne has been the biggest and most dangerous vulnerability to affect Bluetooth connections in recent years, many other minor vulnerabilities have been discovered and fixed as patches for various operating systems have been published. Up to and including the latest cumulative update of Windows 10, released in June 2019, for example, Microsoft has fixed a number of flaws in this connection by intentionally preventing connections between Windows and unsecured Bluetooth devices that use well-known security keys to encrypt the connections. On Linux, however, things are more complicated due to the lack of an automatic and centralized update system that allows the OS developer to bypass the user and fix risky bugs.
Better to turn off Bluetooth
In light of all this, the advice for using a Bluetooth connection more safely is to turn it off when it is not strictly necessary. The fact that the actual range of this standard usually doesn’t go beyond 10 meters limits the risk of mass attacks against devices, but not the risk of individual attacks against single devices. Also, keeping up to date with Bluetooth vulnerabilities and manually installing patches that cannot be installed automatically reduces the risks even further.