In the age of digitisation, it is important to keep abreast of the latest information about the ever-changing threat landscape and its associated cybersecurity challenges. As smart products such as mobiles, digital watches, gaming consoles, IoT devices, smart home systems and self-driving cars proliferate and touch our lives more than ever, so do the risks of attack via the new connectivity.
Bluetooth is one of the most used technologies, as it is available on almost every smart device out there. It is mostly used for sharing data, as devices do not need an exclusive broadcasting system such as the internet or GSM. Bluetooth can be used for sharing files and exchanging information, connecting a digital watch to a mobile device or pairing a remote control with a smart TV.
Recently, a new exploit called ‘BlueBorne’ has been discovered, which allows a person with the right tools, and within range of a smart device, to gain control over that device without pairing or any action from the user. According to the latest research by Armis Labs, many platforms are impacted by the BlueBorne vulnerability. The threat spreads stealthily and across platforms. Once BlueBorne takes control of a device, it starts looking for nearby Bluetooth-enabled devices, making it one of the most destructive threats that can impact an enterprise network.
BlueBorne is not just an inconvenient vulnerability but a serious threat. The vulnerability can lead to a ‘Man-in-the-Middle’ attack, where someone intercepts Bluetooth traffic between you and a device you connect to and obtains financial and/or confidential information. For example, an enterprise’s reputation and brand can be damaged if an executive’s phone is breached and starts sending phishing emails or confidential communications through the user’s official account to the entire contact list.
The good news here is that Bluetooth is a short-range connection standard. This means you are only at risk when the person using this attack is within 30 feet of your smart device. Unfortunately, current security measures such as mobile data management, endpoint protection, firewalls, and network solutions are not designed to deal with airborne attacks. To make it harder for this attack to succeed, the following is recommended:
- Bluetooth should be shut off when not in use, as there is no way for an attacker to turn Bluetooth on, at least not yet.
- A lock screen should be configured, with a password, PIN, pattern, fingerprint or something similar set up.
- As a rule of thumb, avoid leaving your phone unattended even if you are only stepping away for a minute or two.
- Be vigilant! The phone’s screen will turn on when someone tries to do anything after they are connected to your device.
- No matter the type of device, you need to keep your software up to date with patches and security releases.