Hacking into mobile and computer devices through the use of Bluetooth pathways have been a major source of concern for both smartphones/computer users and experts of cyber security. This is because Bluetooth has always been a pregnable path for hackers to latch into and compromise targeted devices.
Now there is even more reason for these concerns over the vulnerability of Bluetooth as it has been discovered by a team of Armis researchers that hackers can now seize control of your laptops and smartphones via your devices’ Bluetooth pathway once Bluetooth is on! Eggheads at the cyber security firm also discovered that this takeover of your device by hackers – using Bluetooth – can happen without the need for permission from the user, therefore the takeover becomes more worrisome as it is completely stealth.
Ben Seri (head researcher for Armis), and Nadir Izrael (Tech Chief and Armis co-founder) both informed Motherboard that all the hacker needs to be able to infiltrate and compromise the target device is for the Bluetooth to be on. It doesn’t matter if the devices are paired or not; or if the target device is in ‘discoverable’ mode.
Findings from our team of investigators on the reason for this vulnerability of Bluetooth shows that the glitch is caused by a bug called ‘Blueborne’ and this bug cuts across all spectrum, – from Windows to Linux, iOS to Android – virtually all operating system have this bug.
Though the forecast is gloomy, there is still a ray of shining light at the end of the tunnel as most developers have developed updates that fix this bug, therefore it is not yet ‘uhuru’ for the hacker as developers have inured the user from this pregnable curtain in Bluetooth. This bug fix cuts across the different devices from Linux to Android, iOS to Windows. For Android, the 4.4.4 version and higher models have these bug fixes now incorporated in them.
For now, due to a lack of response from Apple, it cannot be ascertained, as at the time of reporting, if Apple developers have fixed the bug in Apple devices.
Collin Mulliner, a top security researcher said that studies into Bluetooth security have revealed that though this bug is bad, it is not a helpless situation for users as they can still protect their devices from hacker’s attack by implementing the fix and taking other precautionary measures like turning off Bluetooth when the device is not in use. He also said that the need for proximity to the target device by a hacker also makes it a difficult and tricky hacking pathway.
The ability to take command of a device via Bluetooth could also be a good for ethical hacking as this creates the opportunity for theft control, ethical security surveillance, child monitoring, and other ethical forms of data exchange. Dan Guido, the founder of Trail (a security research corporation), stated in a telephone conversation with Motherboard that the availability of this vulnerability doesn’t translate to victory for hackers as there exist a lot of hurdles and challenges for the hacker since one command doesn’t work for all devices.
What this means is that a hacker would have to develop different commands for different devices to be able to hack them. This in it merit is a monumental difficulty for hackers.
In the final analysis, it is recommended that apart from applying the bug fix, users should always switch Bluetooth off whenever the device is not in use.