BlueBorne, a vulnerability that affects more than 5,000 million devices worldwide

We live at a time when it seems that anyone with sufficient knowledge can attack us at any moment from the shelter and anonymity of the network, steal all our credentials and, of course, violate our privacy. To 'add fuel to the fire', this week we meet what has been named BlueBorne, a very critical flaw in Bluetooth systems that leaves your connections totally vulnerable to attack by any hacker.

This security flaw was discovered by the company Armis. Before continuing, it should be made quite clear that it can affect any device you use that has this type of connection: laptops, desktop computers, mobile phones, tablets, and even any gadget or device in your smart home that uses Bluetooth to improve its connectivity.

BlueBorne allows a person to take control of your mobile, tablet, laptop ...

Going into a little more detail, as stated by Armis, the vulnerability named BlueBorne has a peculiarity that sets it apart from many other forms of attack: the attacker does not need you to be using the device in question for it to be attacked. Literally, or at least that is how it has been announced, they can take control of the device without much effort, without you having to visit any website, pair with another device or anything like that.

Basically, the only thing an attacker requires to take control of a given device is that it has Bluetooth switched on. Once the attacker gains access and takes control, they can, as several security experts have demonstrated, go on to infect all Bluetooth-enabled devices within range, so the malware starts to spread without any user being aware of it.

As a detail, although I honestly do not know whether it is any consolation, the company that discovered this flaw in Bluetooth systems has already contacted the affected manufacturers so that they can begin to develop a fix.

How does BlueBorne work?

According to Armis itself, the way someone can take control of your phone, for example (that is, access your photos, open applications, install whatever they want ...), is simple: software detects all the devices around it that have Bluetooth active. With this list in hand, it works through them one by one, forcing each to give up certain information about itself, information that ultimately allows it to connect to and take control of the specific device.

Apparently, the main problem with a Bluetooth connection, and the reason why BlueBorne can be so powerful and critical, lies in a series of vulnerabilities in the Bluetooth Network Encapsulation Protocol (BNEP), that is, the system that allows us to share an internet connection over Bluetooth. This vulnerability, as has been demonstrated, allows BlueBorne to trigger memory corruption, which lets it execute code on the device and gives the attacker full control.
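Since the only precondition named above is that Bluetooth is switched on, a defender can inventory that state on Linux hosts. The following is an added example, not code from Armis or from the original article; it assumes a Linux host exposing `/sys/class/rfkill` and `/proc/modules`, the function names are hypothetical, and it reports exposure (radio on, `bnep` module loaded), not whether the host is patched.

```python
"""Linux exposure inventory: Bluetooth radio state and BNEP module."""
from pathlib import Path


def bluetooth_radios(sysfs_rfkill="/sys/class/rfkill"):
    """Return one dict per Bluetooth radio found in the rfkill sysfs tree."""
    radios = []
    root = Path(sysfs_rfkill)
    if not root.is_dir():
        return radios  # no rfkill support, or not a Linux host
    for entry in sorted(root.iterdir()):
        try:
            if (entry / "type").read_text().strip() != "bluetooth":
                continue
            # "1" in soft/hard means the radio is blocked (switched off).
            soft = (entry / "soft").read_text().strip() == "1"
            hard = (entry / "hard").read_text().strip() == "1"
            name = (entry / "name").read_text().strip()
        except OSError:
            continue  # entry disappeared or is unreadable
        radios.append({"name": name, "enabled": not (soft or hard)})
    return radios


def bnep_loaded(proc_modules="/proc/modules"):
    """True if the kernel's bnep module appears in the module list."""
    try:
        lines = Path(proc_modules).read_text().splitlines()
    except OSError:
        return False
    return any(line.split(" ", 1)[0] == "bnep" for line in lines)


def exposure_report(sysfs_rfkill="/sys/class/rfkill",
                    proc_modules="/proc/modules"):
    """Summarise the precondition the article names: Bluetooth switched on."""
    radios = bluetooth_radios(sysfs_rfkill)
    enabled = [r["name"] for r in radios if r["enabled"]]
    return {
        "radios": len(radios),
        "enabled": enabled,
        "bnep_loaded": bnep_loaded(proc_modules),
        "exposed": bool(enabled),  # radio on = reachable over the air
    }


if __name__ == "__main__":
    print(exposure_report())
```

A kernel with BNEP built in rather than loaded as a module will show `bnep_loaded` as false, so treat that field as a hint only.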

Is there a device that is not vulnerable to a BlueBorne attack?

It is true that many devices are not vulnerable to an attack by this type of malware although, unfortunately, ours, practically all of them, surely are. According to the tests carried out, the Armis security team managed to take control of many Android, Linux and Windows devices, and even several iPad, iPhone, iPod Touch and Apple TV devices.

During all this time, and I must point out that Armis began notifying certain companies in April of this year, a great deal of effort has been invested in trying to solve this security problem. One example is Apple, which has already announced that the latest versions of its operating systems were not vulnerable; others are Google, Microsoft and Linux, which have been working on different solutions for a long time.
