While we are looking out for potential ways that our smartphones could be hijacked, and protecting ourselves from these threats, more safety issues keep coming up. There’s a new vulnerability that has been discovered. This time around, the vulnerability is said to be able to infect Android devices with either malware or ransomware through a simple Bluetooth connection. This security flaw is known as Blueborne, and it was discovered by researchers at Armis Labs.
The researchers discovered that Blueborne could be used to send and install potentially damaging software without needing to pair the device with an infected one. This malware transfer could happen, as long as the Bluetooth is turned on in both devices. In fact, the phones do not even need to be in discoverable mode. Furthermore, the infected smartphone have the capacity to spread the same malware to other smartphones without the owner knowing anything about it.
Now, since the Bluetooth process has high privileges in the Android OS, any malware transmitted through Blueborne can take over the device, retrieve private information, or lock users out of their devices. This flaw is not restricted to Android; devices running Windows, Linux and iOS have been reported to be vulnerable to this flaw. This puts other non-smartphone devices like personal computers and server systems at risk.
Armis Labs has contacted several concerned parties regarding this security flaw. So far, there have been eight zero-day vulnerabilities, and four of these were classified as critical. These were reported to companies like Google, Samsung, Microsoft and Apple. Google has already fixed the Blueborne vulnerability with the September 2017 Android security patch, released for devices running Android 7.0 Nougat and Android 6.0 Marshmallow. Samsung, however, is yet to respond to Armis Labs regarding the actions it has made to secure their devices from this loophole.