BlueBorne allows hackers to take complete control of Bluetooth-enabled devices of all kinds.
(CCM) — Five billion devices, including smartphones and laptops, are vulnerable to a new Bluetooth-based malware attack called BlueBorne, security company Armis Labs has revealed.
BlueBorne can be used to infect many different devices that use operating systems including Android, iOS, Windows, Linux, and those used by Internet of Things (IoT) devices, with ransomware. "BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure "air-gapped" networks, and spread malware laterally to adjacent devices," the company warned.
Unlike normal attacks, which use the internet to move from one device to another, BlueBorne spreads through the air. This makes it much more contagious and allows it to spread with the minimum of effort, the company adds. All it takes is one person with an infected smartphone to infect an entire office, as the malware spreads from Bluetooth-enabled device to Bluetooth-enabled device without any actions on the part of any users such as clicking on a link or downloading a file.
Google, Apple, and Microsoft have issued fixed for the vulnerabilities on their operating systems, but iOS devices running version 9.3.5 or earlier are still vulnerable. In addition, about 180 million Android devices are running older versions of Android that will not be patched, as well as single-purpose devices such as smart refrigerators or connected televisions which rarely, if ever, receive software updates.
In total Armis Labs estimates that more than 2 billion devices will never be patched, and will therefore remain vulnerable to BlueBorne.
Image: © iStock.