More than 5 billion devices are vulnerable to a “highly infectious” malware attack. Go ahead, blame the internet of things.
More than 5.3 billion devices with Bluetooth signals are at risk of a malware attack newly identified by an internet of things security company.
If you’re not keeping count, that’s most of the estimated 8.2 billion devices that use Bluetooth, which allows for our gadgets to connect and communicate in wireless. Nearly every connected device out there has Bluetooth capability. Your phones, laptops, speakers, car entertainment systems — the list goes on and on to even the most mundane gadgets.
Security company Armis has found a collection of eight exploits, collectively called BlueBorne, that can allow an attacker access to your phone without touching it. The attack can allow access to computers and phones, as well as IoT devices.
“Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.
“BlueBorne affects pretty much every device we use. Turns that Bluetooth into a rotten black one. Don’t be surprised if you have to go see your security dentist on this one,” said Ralph Echemendia, CEO of Seguru.
The BlueBorne attack is especially dangerous because it can spread without the victim doing anything or noticing it.
In a lot of cases, malware depends on people clicking on a link they shouldn’t have, or downloading a virus in disguise. With BlueBorne, all hackers need to spread malware is for their victims’ devices to have Bluetooth turned on, said Nadir Izrael, Armis’ chief technology officer.
And once one device has been infected, the malware can spread to other devices nearby with the Bluetooth turned on. By scattering over the airwaves, BlueBorne is “highly infectious,” Armis Labs said.