Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

BlueBorne Bluetooth Attack Puts 5 Billion Devices at Risk

This technique could allow an attacker to take control of affected devices, access corporate networks, and spread malware.

By Angela Moscaritolo
Updated September 13, 2017
BlueBorne

Do you have a device with Bluetooth capabilities? We have some potentially bad news.

SecurityWatch Researchers at security firm Armis are warning users about a new attack vector leveraging Bluetooth that affects almost 5.3 billion devices across iOS, Android, Windows, and Linux. The BlueBorne technique, which spreads through the air, could allow an attacker to take complete control of affected devices, access corporate data and networks, penetrate even "secure" networks, and spread malware.

Worse yet, "the attack does not require the targeted device to be paired to the attacker's device, or even to be set on discoverable mode," the company wrote in a blog post. In fact, this attack requires no user interaction at all.

If a user simply has Bluetooth enabled, a hacker would be able connect to their device and spread malware—all without the user's knowledge. Armis explained that because it propagates through the air, BlueBorne is "much more dangerous" than the majority of attacks today, which rely on the internet. This unusual attack method also allows hackers to bypass current security defenses since they don't protect against "airborne threats" of this kind.

"BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices," Armis said.

Armis has uncovered eight associated zero-day vulnerabilities, four of which are classified as "critical." The company has reported these flaws to affected companies — including Google, Microsoft, Apple, Samsung, and Linux — and is working with them to get patches deployed.

Apple mitigated the flaw in iOS 10, but all iPhones, iPads, and iPod touch devices with iOS 9.3.5 or lower, and Apple TV devices with version 7.2.2 or lower are at risk. Google, meanwhile, has issued a security update for Android version 7.0 Nougat and 6.0 Marshmallow and notified its partners about it. This threat, however, affects "all Android phones, tablets, and wearables (except those using only Bluetooth Low Energy) of all versions," Armis said.

Microsoft on Tuesday issued security patches to protect supported versions of Windows against this threat. The Linux team is also working to issue patches.

If you're worried, Armis recommends disabling Blutooth and using it as little as possible.

How Your Password Was Stolen
PCMag Logo How Your Password Was Stolen

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Angela Moscaritolo

Managing Editor, Consumer Electronics

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade. 

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

Read Angela's full bio

Read the latest from Angela Moscaritolo