
Eight Bluetooth vulnerabilities have been identified and collectively called BlueBorne. These vulnerabilities are currently known to affect Windows, Linux, Android, Apple iOS and other smart devices.

 

What this means

The BlueBorne vulnerabilities could allow a remote (but physically close) attacker to access a vulnerable device without any authentication or user interaction. If you have a vulnerable device with Bluetooth enabled, an attacker within Bluetooth range may be able to gain access to it and run malicious code without your intervention or knowledge.

 

Prevention

CERT NZ recommends that you take the following steps immediately to protect your devices from these vulnerabilities.

  • Ensure you’ve patched all devices. CERT NZ recommends that you apply all security updates to all systems and software.
  • Disable Bluetooth on the device if it isn’t required.
    • If it isn’t possible to disable Bluetooth, check with the vendor or product manufacturer if an update is required and when it will be implemented.
  • Be careful when enabling Bluetooth in public: it has a range of around 10 metres, and Bluetooth attacks can be carried out remotely, which puts the device at risk.

Additional information for businesses:

  • Ensure staff are aware of this issue. Remind them to patch and only turn on Bluetooth on their devices if it is required.
  • Give special consideration to devices and systems that are reaching end of life. CERT NZ recommends that these are updated to a supported version immediately. If updating isn’t possible, it’s important to identify the risks of continuing to use these systems and devices and to mitigate them where possible, for example by disabling any unnecessary services.

Thanks to CERT NZ for providing the information in this bulletin. For more information, please visit the CERT NZ advisory page.