Friday, March 29, 2024

2 Billion Bluetooth Devices are Still Vulnerable to Dangerous BlueBorne Attack After 1 Year

A recent report revealed that more than 2 Billion Bluetooth Devices are still vulnerable to BlueBorne Attack even after 1 year later since the patch has been released.

A most dangerous Bluetooth based BlueBorne vulnerability discovered in 2017 that affected more than 8.2 billion Bluetooth devices around the world.

BlueBorne vulnerability in all the Bluetooth enabled device allows let an attacker penetrate the device and gain the complete control.

Every connected Bluetooth devices including mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux are vulnerable to this flaw regardless of the Bluetooth version.

After disclosing this critical Bluetooth vulnerability, many of the vendors issued patches but as of now more than 2 billion devices have not applied the patch which was released by respective vendors.

BlueBorne Attack Vector

Since the BlueBorne attack could spread through the air, an attacker could easily spread to the vulnerable devices and there is no user interaction needed.

Government agencies and critical infrastructure at extreme risk because attackers can bypass the air-gapped internal networks via airborne attacks.

Unlike traditional malware or attacks, the user does not have to click a link or download a questionable file.

Also an attacker can bypass the traditional security measures so the attack interaction is unnoticed.

Still Billions of Devices are Running without Patch

Even though many of the vendors released a security patch, users don’t care about the seriousness of the vulnerability and becoming the victims to the attacker.

More than 1 Billion including Android and iOS devices are still don’t receive critical updates that patch and protect them from a BlueBorne attack.

According to armis, Following list, the device are still left unpatched and running under the potential risk to being exploited by hackers.

  • 768 million devices running Linux
  • 734 million devices running Android 5.1 (Lollipop) and earlier
  • 261 million devices running Android 6 (Marshmallow) and earlier
  • 200 million devices running affected versions of Windows
  • 50 million devices running iOS version 9.3.5 and earlier

In this case, some of the vendors still working on it for the update process but still vast numbers of device having a lot of problem to get the updates.

Major problem is still peoples are using the device that belongs to End-of-life or end-of-support from the respective vendors.

Devices running Linux, like medical devices and industrial equipment, can be difficult or impossible to patch with critical security updates.

Website

Latest articles

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles