Thursday, June 13, 2024

2 Billion Bluetooth Devices are Still Vulnerable to Dangerous BlueBorne Attack After 1 Year

A recent report revealed that more than 2 Billion Bluetooth Devices are still vulnerable to BlueBorne Attack even after 1 year later since the patch has been released.

A most dangerous Bluetooth based BlueBorne vulnerability discovered in 2017 that affected more than 8.2 billion Bluetooth devices around the world.

BlueBorne vulnerability in all the Bluetooth enabled device allows let an attacker penetrate the device and gain the complete control.

Every connected Bluetooth devices including mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux are vulnerable to this flaw regardless of the Bluetooth version.

After disclosing this critical Bluetooth vulnerability, many of the vendors issued patches but as of now more than 2 billion devices have not applied the patch which was released by respective vendors.

BlueBorne Attack Vector

Since the BlueBorne attack could spread through the air, an attacker could easily spread to the vulnerable devices and there is no user interaction needed.

Government agencies and critical infrastructure at extreme risk because attackers can bypass the air-gapped internal networks via airborne attacks.

Unlike traditional malware or attacks, the user does not have to click a link or download a questionable file.

Also an attacker can bypass the traditional security measures so the attack interaction is unnoticed.

Still Billions of Devices are Running without Patch

Even though many of the vendors released a security patch, users don’t care about the seriousness of the vulnerability and becoming the victims to the attacker.

More than 1 Billion including Android and iOS devices are still don’t receive critical updates that patch and protect them from a BlueBorne attack.

According to armis, Following list, the device are still left unpatched and running under the potential risk to being exploited by hackers.

  • 768 million devices running Linux
  • 734 million devices running Android 5.1 (Lollipop) and earlier
  • 261 million devices running Android 6 (Marshmallow) and earlier
  • 200 million devices running affected versions of Windows
  • 50 million devices running iOS version 9.3.5 and earlier

In this case, some of the vendors still working on it for the update process but still vast numbers of device having a lot of problem to get the updates.

Major problem is still peoples are using the device that belongs to End-of-life or end-of-support from the respective vendors.

Devices running Linux, like medical devices and industrial equipment, can be difficult or impossible to patch with critical security updates.

Website

Latest articles

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...

Firefox 127 Released With patch for 15 Vulnerabilities

Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles