Security Alert: Critical Vulnerability Identified Affecting Most Bluetooth Enabled Devices

September 14, 2017

by UNH Information Security Services

WHAT IS IT?

BlueBorne is the name given to a group of eight vulnerabilities that were disclosed September 13, 2017.  When exploited, these vulnerabilities allow attackers to execute code remotely, take over  susceptible devices, and perform man-in-the-middle (MiTM) attacks. These vulnerabilities were discovered by Armis Labs and reported to all affected vendors prior to public disclosure. 

WHAT IS THE IMPACT?

BlueBorne is said to impact at least 5.3 billion Bluetooth-enabled devices, including computers, smartphones, and IoT devices like smart watches, smart TVs, and some automobile systems. For more information on which devices are affected, click ‘Affected Devices’ on the Armis website, here: https://www.armis.com/blueborne/#/devices

IS MY DEVICE AFFECTED?

Click the link below to determine if your device is affected and if there is a patch available. Additionally, Android users can download the Armis BlueBorne Scanner App from the Google Play store to determine if their device is vulnerable.

https://www.armis.com/blueborne/#/devices

HOW CAN I PROTECT MYSELF?

Depending on your device and its operating system, there may be a patch available. The Armis website lists some patches that have already been released to protect against BlueBorne. If you have any updates available on your device, install them immediately. 

As always, to minimize the risk of a security incident, ISS continues to recommend that users disable the Bluetooth feature on their devices unless it is absolutely required. If your device is vulnerable but there is no patch available, disabling Bluetooth is the only line of defense against the BlueBorne vulnerabilities.
 

Bookmark and Share

Archive