While we are looking out for possible ways that our
smartphones could be hijacked, and shielding ourselves from these threats, more
security threats keeps increasing. There’s a new vulnerability that has been
discovered.
smartphones could be hijacked, and shielding ourselves from these threats, more
security threats keeps increasing. There’s a new vulnerability that has been
discovered.
This time around, the vulnerability is said to be able to
infect Android devices with either malware or ransomware through a simple
Bluetooth connection. This security flaw is known as Blueborne, and it was
discovered by researchers at Armis Labs.
infect Android devices with either malware or ransomware through a simple
Bluetooth connection. This security flaw is known as Blueborne, and it was
discovered by researchers at Armis Labs.
The researchers discovered that Blueborne could be used to
send and install potentially damaging software without needing to pair the
device with an infected one. This malware transfer could happen, as long as the
Bluetooth is turned on in both devices. In fact, the phones do not even need to
be in discoverable mode.
send and install potentially damaging software without needing to pair the
device with an infected one. This malware transfer could happen, as long as the
Bluetooth is turned on in both devices. In fact, the phones do not even need to
be in discoverable mode.
Also, the infected smartphone have the capacity to spread
the same malware to other smartphones without the owner knowing anything about
it.
the same malware to other smartphones without the owner knowing anything about
it.
Now, since the Bluetooth process has high privileges in the
Android OS, any malware transmitted through Blueborne can take over the device,
retrieve private information, or lock users out of their devices.
Android OS, any malware transmitted through Blueborne can take over the device,
retrieve private information, or lock users out of their devices.
This flaw is not restricted to Android; devices running
Windows, Linux and iOS have been reported to be vulnerable to this flaw. This
puts other non-smartphone devices like personal computers and server systems at
risk.
Windows, Linux and iOS have been reported to be vulnerable to this flaw. This
puts other non-smartphone devices like personal computers and server systems at
risk.
Armis Labs has contacted several concerned parties regarding
this security flaw. So far, there have been eight zero-day vulnerabilities, and
four of these were classified as critical. These were reported to companies
like Google, Samsung, Microsoft and Apple.
this security flaw. So far, there have been eight zero-day vulnerabilities, and
four of these were classified as critical. These were reported to companies
like Google, Samsung, Microsoft and Apple.
Google has already fixed the Blueborne vulnerability with
the September 2017 Android security patch, released for devices running Android
7.0 Nougat and Android 6.0 Marshmallow. Samsung, however, is yet to respond to
Armis Labs regarding the actions it has made to secure their devices from this
loophole.
the September 2017 Android security patch, released for devices running Android
7.0 Nougat and Android 6.0 Marshmallow. Samsung, however, is yet to respond to
Armis Labs regarding the actions it has made to secure their devices from this
loophole.
