Looks like Google has fixed a Bluetooth exploit dubbed “BlueBorne” in its September security patch. According to the security research firm Armis Labs, Google’s September security patch addressed the vulnerability and now OEMs need to up their game and push updates to their devices.
So, what is “BlueBorne”? It is a vulnerability that takes advantage of the active Bluetooth connection on a device. Without user action and even pairing, hackers just need to be in the Bluetooth range to take over the device and steal data. Once hackers get access to the Android device via Bluetooth, they will have full control of the phone and access apps remotely.
The demo performed on a Google Pixel shows remote access of apps such as Camera or file system. Hackers can have full access to the device without the user knowing it. The entire attack can go “completely undetected by the user” as pointed out by the security firm.
Not just Android, other operating systems are on the radar too
Not only Android devices, but this vulnerability also attacks Windows, Linux, and older versions of iOS. Armis Labs estimates that around 5.3 billion devices are open to the BlueBorne vulnerability. In 5.3 billion devices, 2 billion is constituted by Android phones, tablets, and wearables. The company has also cited a range of Android phones that are more vulnerable to the attack; these devices are – Google Pixel, Samsung Galaxy, Samsung Galaxy Tab, LG Watch Sport, and Pumpkin Car Audio System.
Thankfully, Google addressed the issue on Android with its September security patch that is rolling out to Pixel and Nexus devices. Google’s patch for partner OEMs includes Android 6.0 Marshmallow and Android 7.0 Nougat, but it could take several months for OEMs to roll it out to all the devices. Until then, we would advise our readers to ensure that Bluetooth on their device is not turned out unnecessarily as hackers can only take advantage of “active” Bluetooth connections. Make sure that you disable Bluetooth on your device once your work is over.
The post Google Addressed ‘BlueBorne’ Bluetooth Vulnerability With September Security Patch by Zara Ali appeared first on Wccftech.