New Cyber threat named “BlueBorne” exposes almost every device to malicious hackers.
An IoT security company discovered eight Bluetooth related vulnerabilities affecting over 5 billion Windows, Linux, and Android devices. These Bluetooth-related vulnerabilities dubbed “BlueBorne” can enable the attackers to take control of devices, steal corporate data, access network by establishing “man-in-the-middle” attack and spread malware to the devices.
All the Bluetooth enabled devices including smartphones, TVs, laptops etc are vulnerable to this attack. The company has reported the vulnerabilities to Google, Microsoft and Linux.
Google and Microsoft confirmed to release updates and patches immediately.
How can an attacker use this exploit?
There are mainly two ways in which this vulnerability can get exploited:
- An attacker can connect to the Bluetooth enabled device and then remotely execute code on that device. It will give the hacker complete control over the victim’s machine.
- An attacker can also execute Man-in-the-middle attack and sniff the ongoing traffic between Bluetooth-enabled devices. This would also enable the attackers to send malware and take full control of the devices parallel to listening to the conversations of the victim via sniffing.
Ankush Johar, Director at HumanFirewall.io said, “These exploits simply confirm that threats are always lurking around us. Zero-day exploits, not even known to the vendors themselves are being exploited by malicious hackers and surveillance groups all over the globe. It’s not about will you get hacked, it’s about when and how much!”