Armis, a research firm, has revealed about a new malicious attack that can possibly make around 5.3 Billion devices susceptible to malware. Bluetooth is being used by this new attack vector to infect without being recognized by the prey. A range of devices that can be affected includes iOS, Linux, Windows, and Android. Linux, Microsoft, Apple, and Google are been notified by the researchers regarding the new “Blue Borne” attack and few of them have even launched patches for it.
The new attack vector is predominantly perilous as it does not need an URL link to launch, or for the gadget to be on the Internet, or downloading a file to be attacked by malware. It proliferates locally through Bluetooth, and pairing with the device is also not required in order to infect it. The solitary prerequisite is that Bluetooth should be switched on and then the attacker can easily link to the handset, take control, and outspread the malware.
The company mentioned on its website, “Armis has also revealed 8 correlated zero-day susceptibilities, 4 of which are categorized as critical. The attacker, through BlueBorne, can take control over the devices, get into networks and corporate data, infiltrate protected “air-gapped” networks, and outspread malware across nearby devices.”
What is even more treacherous is that the new attack vector is infectious and spreads the malware to all handsets, be it PCs, tablets, smartphones, laptops, wearables, or other connected devices operating on Windows, Linux, iOS, and Android. Thus, if a device is infected by the hacker, in turn, it can further attack other devices in the surrounding area (with their Bluetooth switched on) with no knowledge to the sufferer. For instance, if your handset gets infected, just by simply passing by their side your device can infect others and no one would even recognize that any malicious action just occurred.
This could probably give the attacker access and assist in infecting protected setups of banks and other organizations without being noticed. Armis mentions that all devices operating on iOS 9.3.5 and beyond are susceptible, but opportunely, Apple with iOS 10 has launched a patch for this, mending all problems. Even Microsoft has recently released an upgrade to shut this attack vector and Google too has released defensive patches for Marshmallow & Nougat with the September security upgrade. Nevertheless, the devices that are in Google’s hands for software support have obtained the much required fix, while all other Android devices will have to depend on third-party developers, to fix the problem. Armis stated that it is still not informed about the Linux fix but it anticipates it to be released soon.