- In September 2017 researchers discovered new attacking technique BlueBorn impacting around5.2 billion devices running onAndroid, Linux, Windows, and iOS
- The attack exploits 9 critical vulnerabilities in Bluetooth and was discovered by researchers at IoT security firm Armis
- Now the researchers have published a new report saying that around 2 billion devices are still vulnerable to the attack.
Last year September security researchers discovered a new attacking technique called BlueBorne which exploits vulnerabilities in Bluetooth.
The attack impact all mobile, desktop and IoT devices which use Bluetooth and which was around 5.2 billion device.
The issue was discovered by researchers at IoT security firm Armis, and now the company has published another report saying that around 2 billion devices are still vulnerable to the attack.
Researchers discovered 9 critical vulnerabilities which can be exploited by attackers to gain complete control of the device.
These vulnerabilities allow attackers to carry out remote attacks on Android, iOS, Linux and Windows devices using Bluetooth connections.
The BlueBorne is an airborne attack and can be carried out without any user interaction and devices are not required to be paired or set to discoverable mode.
The only requirement is to be in the range of the Bluetooth device and like other malware attacks, users are not required to click any malicious links or visit compromised websites.
Once exploited attacker could use BlueBorne for remote code exploitation or Man-in-the-Middle attacks.
“Today, about two-thirds of previously affected devices have received updates that protect them from becoming victims of a BlueBorne attack, but what about the rest? Most of these devices are nearly one billion active Android and iOS devices that are end-of-life or end-of-support and won’t receive critical updates that patch and protect them from a BlueBorne attack.” said in the post published by Armis researchers.
Below is the list of devices which are still vulnerable to BlueBorne attack:
- 768 million devices running Linux
- 734 million devices running Android 5.1 (Lollipop) and earlier
- 261 million devices running Android 6 (Marshmallow) and earlier
- 200 million devices running affected versions of Windows
- 50 million devices running iOS version 9.3.5 and earlier
You may be interested in reading:New CSS attack will Crash your iPhone and Freezes Mac Devices