News |

BlueBorne: Finnish cyber security watchdog issues warning about Bluetooth exploit

Millions of Bluetooth-enabled smartphones, computers and other devices in Finland are potentially vulnerable to a serious security exploit, according to cyber security officials from the Finnish Communications Regulatory Authority. The agency says the exploit, dubbed BlueBorne, potentially affects more than eight billion Bluetooth-enabled phones and gadgets around the world.

nainen läppärillä
File photo. Image: AOP

The cyber security arm of the Finnish Communications Regulatory Authority, FICORA, issued a public warning about the BlueBorne exploit on Wednesday.

FICORA posted a list of operating system software (in Finnish) versions that remain vulnerable to an exploit called BlueBorne, which can potentially affect all Android, Windows, iOS, Apple TV and Linux devices. Apple's MacOS has reportedly already been updated.

According to the international cyber security firm Armis, BlueBorne enables hackers to completely take control of computers and smartphones, via the Bluetooth connections of gadgets and Internet of Things devices - all without a users' knowledge.

Bluetooth is a wireless technology often used in cord-free devices like headphones or loudspeakers, vehicle audio systems, security cameras as well a vast array of other Internet of Things devices. Armis says that some 8.2 billion devices around the world are potentially vulnerable to BlueBorne.

Virtually all connected devices vulnerable

"The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active. Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with. This means a Bluetooth connection can be established without pairing the devices at all. This makes BlueBorne one of the most broad potential attacks found in recent years, and allows an attacker to strike completely undetected," Armis' webpage states.

The security company says that virtually all Bluetooth devices - regardless of their platforms or function - can make a non-updated system vulnerable. Both FICORA and Armis recommend that users get their systems updated as soon as possible and also recommended users to turn off Bluetooth until they get the devices updated.

"These vulnerabilities are fully operational," according to Armis, "and can be successfully exploited. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks."

Latest in: News


Our picks