Thursday, October 3, 2024
HomeComputer Security2 Billion Bluetooth Devices are Still Vulnerable to Dangerous BlueBorne Attack After...

2 Billion Bluetooth Devices are Still Vulnerable to Dangerous BlueBorne Attack After 1 Year

Published on

A recent report revealed that more than 2 Billion Bluetooth Devices are still vulnerable to BlueBorne Attack even after 1 year later since the patch has been released.

A most dangerous Bluetooth based BlueBorne vulnerability discovered in 2017 that affected more than 8.2 billion Bluetooth devices around the world.

BlueBorne vulnerability in all the Bluetooth enabled device allows let an attacker penetrate the device and gain the complete control.

- Advertisement - EHA

Every connected Bluetooth devices including mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux are vulnerable to this flaw regardless of the Bluetooth version.

After disclosing this critical Bluetooth vulnerability, many of the vendors issued patches but as of now more than 2 billion devices have not applied the patch which was released by respective vendors.

BlueBorne Attack Vector

Since the BlueBorne attack could spread through the air, an attacker could easily spread to the vulnerable devices and there is no user interaction needed.

Government agencies and critical infrastructure at extreme risk because attackers can bypass the air-gapped internal networks via airborne attacks.

Unlike traditional malware or attacks, the user does not have to click a link or download a questionable file.

Also an attacker can bypass the traditional security measures so the attack interaction is unnoticed.

Still Billions of Devices are Running without Patch

Even though many of the vendors released a security patch, users don’t care about the seriousness of the vulnerability and becoming the victims to the attacker.

More than 1 Billion including Android and iOS devices are still don’t receive critical updates that patch and protect them from a BlueBorne attack.

According to armis, Following list, the device are still left unpatched and running under the potential risk to being exploited by hackers.

  • 768 million devices running Linux
  • 734 million devices running Android 5.1 (Lollipop) and earlier
  • 261 million devices running Android 6 (Marshmallow) and earlier
  • 200 million devices running affected versions of Windows
  • 50 million devices running iOS version 9.3.5 and earlier

In this case, some of the vendors still working on it for the update process but still vast numbers of device having a lot of problem to get the updates.

Major problem is still peoples are using the device that belongs to End-of-life or end-of-support from the respective vendors.

Devices running Linux, like medical devices and industrial equipment, can be difficult or impossible to patch with critical security updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats

ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify...

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently...

Open Source C3 Frameworks Used In Red Teaming Assessments Vulnerable To RCE Attacks

C2 frameworks, crucial for post-exploitation operations, offer open-source alternatives to Cobalt Strike. They streamline...