Friday, March 29, 2024

2 Billion Bluetooth Devices are Still Vulnerable to Dangerous BlueBorne Attack After 1 Year

A recent report revealed that more than 2 Billion Bluetooth Devices are still vulnerable to BlueBorne Attack even after 1 year later since the patch has been released.

A most dangerous Bluetooth based BlueBorne vulnerability discovered in 2017 that affected more than 8.2 billion Bluetooth devices around the world.

BlueBorne vulnerability in all the Bluetooth enabled device allows let an attacker penetrate the device and gain the complete control.

Every connected Bluetooth devices including mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux are vulnerable to this flaw regardless of the Bluetooth version.

After disclosing this critical Bluetooth vulnerability, many of the vendors issued patches but as of now more than 2 billion devices have not applied the patch which was released by respective vendors.

BlueBorne Attack Vector

Since the BlueBorne attack could spread through the air, an attacker could easily spread to the vulnerable devices and there is no user interaction needed.

Government agencies and critical infrastructure at extreme risk because attackers can bypass the air-gapped internal networks via airborne attacks.

Unlike traditional malware or attacks, the user does not have to click a link or download a questionable file.

Also an attacker can bypass the traditional security measures so the attack interaction is unnoticed.

Still Billions of Devices are Running without Patch

Even though many of the vendors released a security patch, users don’t care about the seriousness of the vulnerability and becoming the victims to the attacker.

More than 1 Billion including Android and iOS devices are still don’t receive critical updates that patch and protect them from a BlueBorne attack.

According to armis, Following list, the device are still left unpatched and running under the potential risk to being exploited by hackers.

  • 768 million devices running Linux
  • 734 million devices running Android 5.1 (Lollipop) and earlier
  • 261 million devices running Android 6 (Marshmallow) and earlier
  • 200 million devices running affected versions of Windows
  • 50 million devices running iOS version 9.3.5 and earlier

In this case, some of the vendors still working on it for the update process but still vast numbers of device having a lot of problem to get the updates.

Major problem is still peoples are using the device that belongs to End-of-life or end-of-support from the respective vendors.

Devices running Linux, like medical devices and industrial equipment, can be difficult or impossible to patch with critical security updates.

Website

Latest articles

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles