Like the mobile phone all year long drive bluetooth of your attention!Recently, the security research firm Armis in bluetooth protocol found eight zero-day vulnerabilities, these holes will affect the smart phones, laptops, smart TV and any other Internet of things have bluetooth function equipment. Android, iOS, Windows, Linux system equipment, etc.
More than 5.3 billion devices have been affected, Armis said.
How bad is this attack?
Hacker News in The media released a demo video, The researchers used to attack these gaps, without any interaction and users, not even The attacker devices and target matching, can fully take over The user’s mobile phone.
In the video, the attacker in the user completely unwittingly, light screen, open the camera and into a front-facing camera, is all ears don’t know to see on the computer for the lady took a photograph, and get your photos back to attack equipment.
At the same time, Armis researchers used holes to design a set of attack vectors called BlueBorne. During the experiment, the Armis team built a botnet, which was installed after the Blueborne attack.
If BlueBorn’s attack spreads like the previous worm blackmailer WannaCry, it will wreak havoc on the world’s biggest companies.
Armis believes it is difficult to create a universal worm attack using these vulnerabilities, but unfortunately, hackers like to challenge, and the benefits are attractive. BlueBorne attacks can be used for data theft and extortion attacks, as well as creating botnets using Internet of things devices or mobile devices. The last point is that most attack vectors are difficult to implement.
The impact of these holes “serious”, from the financial industry, the airline, the more the more enterprises or institutions in the use of mobile devices with bluetooth is office, if the neglect of these devices for protection, once under attack, light business interruption, or cause safety accidents.
In fact, in the months leading up to the disclosure, Armis reported the bugs to Google, apple, Microsoft, samsung and Linux.
In July, Microsoft released security updates, and all devices that enable Windows Update and apply security updates are automatically protected. Also getting rid of the risk are apple phones running the latest version of the system (10.x).
But while Google has released security patches, there are plenty of Android devices in the market, and it’s hard for ordinary users to know what time to patch.
Users can download some testing software to see if their devices are vulnerable. Currently, BlueBorne Vulnerability Scanner applications can perform such tests. It is developed by Armis team and can be downloaded and installed at GuGe Play store.
In addition, it is important to note that all running 9.3.5 or older version of the iOS devices, operating more than cotton candy (6 x) old Linux versions of the Android devices and operation system of intelligent bluetooth devices are still affected by BlueBorne attack.
How can you defend against an attack without a patch, without a system update?
Depending on the nature of the bluetooth, the hacker wants to attack, and the device’s bluetooth function must be “turned on”, and the device cannot be too far apart.
So, the expert’s advice is: “if you’re worried, turn off the bluetooth first.”